Last Updated: June 24, 2020
We do not control the collection, use, or access of your information by the Franchised Hotels (as defined in II.D. below) and their staff. The Franchised Hotel is the merchant who collects and processes credit card information and receives payment for your stay. The Franchised Hotels are subject to the merchant rules of the credit card processors they select, which establish credit card security rules and procedures.
II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION
We may collect personal information from our Hotel Guests and Users in different ways and for different purposes. For example, if you are a Hotel Guest, we may collect personal information from you to process a reservation in our network of hotels or if you elect to participate in our hotel rewards program. If you are a User of our Sites or Apps, we may collect personal information from you if you create an account with us through the Services or if you send us a message through the Services.
A. Personal Information Collected from Our Hotel Guests
Collection and use
· Contact Information, such as customer’s name, phone number, email address, mailing address
· Financial Information, such as the customer’s credit card information
· Stay Preferences
· Reservation Record, such as reservation or folio
· Comments or Feedback, such as comments or feedback relating to Services or stay at hotel
· Group Membership, such as association number (e.g., AAA), corporate account number or group booking number
· Recordings, such as video, photo, and audio data captured on phone calls or in public areas of hotels for security purposes
· Direct from Customer
· Management and/or Owners of Franchise Property
· Call Center
· Corporate/National Account Administrators
· Web Lead Generation Partners
· Online Travel Agencies
· Perform analytics in order to provide you with personalized offers and content and improve business operations
· Detect and prevent fraud
· Process payment in order to provide requested services (e.g., facilitate reservation processing, including payment, check-in/check-out, provide WiFi/laundry/other incidentals)
· Enable customer to view past and upcoming stays
· Provide customer satisfaction surveys
· Develop new goods or services, improving or modifying our services, evaluating our promotions and marketing
· Security and protection
· Fraud monitoring and loss prevention
· Management and/or owners of a franchise property
· Online Travel Agencies
· Corporate/national account administrators
· Group booking point of contact
· Payment processors
· Customer experience, feedback, claims management, claims service providers
· Marketing service providers
B. Personal Information Collected from Users of Our Services
Collection and use
· Online Activity Information on the Sites and Apps, such as IP address, browser type, language preferences, referral sources, pages viewed on the Sites, and site usage statistics
· Geolocation Data
· App Usage Data
· Device Data
· Directly from User’s use of the Site or App
· Marketing service providers
· Analytics service providers
· Satellite, cell phone tower, WiFi signals, or other technologies
· Providing User with the Services
· Security and protection
· Fraud monitoring and loss prevention
· Improving or modifying our services, evaluating our promotions and marketing
· Internal business purposes and regulatory compliance
· To view room availability in nearby properties as requested
· Service providers (such as Adobe)
C. Additional Information Regarding the Categories of Personal Information Collected
The following provides more details regarding some of the categories of personal information described in the tables above:
D. Additional Information Regarding the Categories of Sources from which Personal Information is Collected
The following provides more details regarding some of the categories of sources described in the tables above:
We may use or disclose your personal information and other information we collect to the owners, managers and operators of our franchised hotels and owners of hotels that we manage but do not own that require access to your personal information for business purposes.
E. Additional Purposes for the Collection or Use of Personal Information
In addition to the uses described in the tables above, Extended Stay America may also use or share personal information:
There may also be times when we share aggregated information (that does not individually identify any particular person) with advertisers, business partners, subsidiary companies, affiliated companies, parent corporations, sponsors, joint venture partners and other third parties in an effort to customize or enhance the content and advertising of our website for future users or to improve our marketing and promotional efforts.
III. NO SALE OF PERSONAL INFORMATION
IV. TRACKING; ANALYTICS PROVIDERS
We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting. These third parties may use server logs, tags, pixels, and similar technologies, and they may set and access cookies on your computer or other device.
We also partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. They may collect such information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited our website to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.
For more information about interest-based advertising and cross-device linking, please visit the Adobe Target website. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below.
Please note that Adobe Target is the primary site personalization tool for esa.com and disabling Adobe Target could mean a substandard experience and lack of content. Please further note that the opt-out described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again.
A. Links to Other Sites
B. Children’s Personal Information
VI. WHERE WE WILL TRANSFER YOUR PERSONAL INFORMATION
Unfortunately, the transmission of information is not completely secure. We cannot guarantee the security of your personal information transmitted to the Service and any transmission is at your own risk. Once we have received your personal information, we will use reasonable efforts to implement procedures and security features to try to help prevent unauthorized access. However, due to the nature of evolving technologies, we cannot provide, and expressly disclaim, any assurance that the information you provide us will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
VIII. ACCESS TO YOUR PERSONAL INFORMATION AND “OPT OUT” PROCEDURES
To Update Your Contact Information:
To Use App:
To Sign Up for Promotional Emails:
IX. RIGHTS FOR CALIFORNIA CONSUMERS
The California Consumer Privacy Act of 2018 (“CCPA”) provides California consumers with certain rights with regard to their personal information. This Section explains those rights. If you are a California consumer and would like to exercise any of those rights under the CCPA, please see subsection E below for more information on how to submit a request.
A. Right to Know About and Access Your Personal Information
If you are a California consumer, you may have the right to request that Extended Stay America provide you with information regarding what personal information about you we have collected, used, disclosed, or sold in the preceding twelve (12) months. Once we receive your request and verify your identity, we will disclose to you one or more of the following as requested:
o The categories of personal information we have collected about you in the preceding twelve (12) months.
o The categories of sources from which we collected your personal information in the preceding twelve (12) months.
o The business or commercial purposes for collecting your personal information in the preceding twelve (12) months.
o The categories of third parties with whom we shared your personal information in the preceding twelve (12) months.
o The specific pieces of personal information we collected about you in the preceding twelve (12) months.
B. Right to Delete Your Personal Information
If you are a California consumer, you may have the right to request that Extended Stay America delete certain of your personal information that we have collected from you. However, this right to deletion does not apply to any of your personal information that is subject to an exception under the CCPA (as described below). Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your personal information in our records that is not subject to any of the CCPA exceptions.
We may deny your deletion request where your personal information is required for any of the following reasons, which we will identify in our response to you if we deny your request:
o Complete the transaction for which we collected the personal information, provide a product or service that you requested (e.g., insurance product), take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
o Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
o Debug products to identify and repair errors that impair existing intended functionality.
o Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
o Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
o Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
o Comply with a legal obligation.
o Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
C. Right to Opt-Out of the Sale of Your Personal Information
If you are entitled to any disclosure rights in your jurisdiction regarding our sale of your personal information to non-affiliated third parties or our disclosure of your personal information to third parties for their own direct marketing purposes, this disclosure satisfies those requirements. If you still wish to learn more about our compliance with this requirement, please contact us using the information provided in the “Contact Us” section below.
D. Right to Non-Discrimination
Extended Stay America will not discriminate against any California consumer who exercises any of the rights described above. Specifically, except as permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates, including through granting discounts or other benefits, or imposing penalties; provide you with a different level of service or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
E. How to Submit a Request
If you are a California consumer and would like to exercise any of the CCPA rights identified above, you may submit a request by either please click the link below to download the Data Request Form, fill it out, and email to firstname.lastname@example.org or call 1-877-651-2124 to speak to an Extended Stay America representative. The Data Request Form can also be mailed to the following address to the attention of the Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277.
F. Submitting a Request through Your Authorized Agent
If you are a California consumer, you may have the option to designate an authorized agent to submit a request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us. If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your consumer request to us. We may need to contact you directly to verify the request.
G. How We Verify Your Request
To process your request for access or deletion, we must be able to verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.
To verify your identity, we will ask that you provide the following information when you submit your request:
When the Privacy Officer receives your request, the Privacy Officer will first verify your identity. The Privacy Officer will confirm your eligibility for response by asking you to provide your name, phone number, email address, home address and address of last Extended Stay America hotel you stayed in. Once the Privacy Officer has verified your identity, the Privacy Officer will begin processing your request.
Depending on your type of request or the information requested by you, we may require additional information in order to verify your identity and fulfill your request. If we are not able to identify a match with our records, we will inform you of that fact.
We will respond to your request within forty-five (45) days. However, in certain circumstances, we may require additional time to process your request, as permitted by the CCPA or other applicable law. We will advise you within forty-five (45) days after receiving your request if such an extension is necessary and why it is needed. Any disclosures we provide will only cover the twelve (12)-month period preceding our receipt of your request. If we cannot fulfill your request, our response to you will also explain the reason why we cannot fulfill your request.
XI. CONTACT US