privacy and security
| terms & conditions
Last Updated: June 24, 2020
We do not control the collection, use, or access of your information by the Franchised Hotels (as defined in II.D. below) and their staff. The Franchised Hotel is the merchant who collects and processes credit card information and receives payment for your stay. The Franchised Hotels are subject to the merchant rules of the credit card processors they select, which establish credit card security rules and procedures.
II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION
We may collect personal information from our Hotel Guests and Users in different ways and for different purposes. For example, if you are a Hotel Guest, we may collect personal information from you to process a reservation in our network of hotels or if you elect to participate in our hotel rewards program. If you are a User of our Sites or Apps, we may collect personal information from you if you create an account with us through the Services or if you send us a message through the Services.
A. Personal Information Collected from Our Hotel Guests
Collection and use
· Contact Information, such as customer’s name, phone number, email address, mailing address
· Financial Information, such as the customer’s credit card information
· Stay Preferences
· Reservation Record, such as reservation or folio
· Comments or Feedback, such as comments or feedback relating to Services or stay at hotel
· Group Membership, such as association number (e.g., AAA), corporate account number or group booking number
· Recordings, such as video, photo, and audio data captured on phone calls or in public areas of hotels for security purposes
· Direct from Customer
· Management and/or Owners of Franchise Property
· Call Center
· Corporate/National Account Administrators
· Web Lead Generation Partners
· Online Travel Agencies
· Perform analytics in order to provide you with personalized offers and content and improve business operations
· Detect and prevent fraud
· Process payment in order to provide requested services (e.g., facilitate reservation processing, including payment, check-in/check-out, provide WiFi/laundry/other incidentals)
· Enable customer to view past and upcoming stays
· Provide customer satisfaction surveys
· Develop new goods or services, improving or modifying our services, evaluating our promotions and marketing
· Security and protection
· Fraud monitoring and loss prevention
· Management and/or owners of a franchise property
· Online Travel Agencies
· Corporate/national account administrators
· Group booking point of contact
· Payment processors
· Customer experience, feedback, claims management, claims service providers
· Marketing service providers
B. Personal Information Collected from Users of Our Services
Collection and use
· Online Activity Information on the Sites and Apps, such as IP address, browser type, language preferences, referral sources, pages viewed on the Sites, and site usage statistics
· Geolocation Data
· App Usage Data
· Device Data
· Directly from User’s use of the Site or App
· Marketing service providers
· Analytics service providers
· Satellite, cell phone tower, WiFi signals, or other technologies
· Providing User with the Services
· Security and protection
· Fraud monitoring and loss prevention
· Improving or modifying our services, evaluating our promotions and marketing
· Internal business purposes and regulatory compliance
· To view room availability in nearby properties as requested
· Service providers (such as Adobe)
C. Additional Information Regarding the Categories of Personal Information Collected
The following provides more details regarding some of the categories of personal information described in the tables above:
- Geolocation Data: We or our service providers may receive or infer information about your location from a variety of sources. For example, we may use your IP address to identify your general location or we may receive more precise location data from your mobile device (such as via GPS, wireless networks, cell towers, Wi-Fi access points). If you have enabled location information sharing while using the Site and/or the App actively or in the background, then your location information may be shared with our service provider in order to compare nearby offers. We may use location data to analyze certain information, and to improve our Service and relevance of the information we provide to you via the Service. Before we collect this information via the App, you must affirmatively opt-in to our use of such information and you will have the option of sharing your location at different intervals (for example, indefinitely or just for a certain period of time). Please note that if you do not share your location information then you may not be able to redeem certain offers and the App may have very limited functionality. We may use your location information to enable us to better focus or advertising and marketing efforts and to better tailor your use of the Service to your unique interests and needs.
- Cookie Data: Whenever you visit or interact with a Site, we, as well as our service providers, may use assorted technologies that automatically or passively collect information about how the website is accessed and used, including by use of “cookies.” Cookies are pieces of information that are placed on an individual visitor’s hard drive for the purpose of keeping records. Cookies can enhance your online experience by personalizing your experience while visiting a particular website. We do use the cookie to help us identify website features and content which are of the greatest interest, so we will be able to enhance this website to provide you with a great web experience.
You understand that you may have limited options with respect to your selection of cookie preference as we continue to update our Site and technology and cookies may not be able to be disabled. Please remember that cookies may help you take full advantage of the newest website features at this Site.
Another tool that may be employed by us is a web beacon, pixel tag or similar technology. These tools help us determine various types of technical information. When you ask us to send you information on a promotion or via newsletters, web beacons may be used to determine how many of the emails sent were actually opened. Please note, however, that in general, most images viewed as part of a web page can be used as a web beacon. We are also likely to passively collect such other technical information as the IP address of your computer/mobile device and the type of browser that you are using.
D. Additional Information Regarding the Categories of Sources from which Personal Information is Collected
The following provides more details regarding some of the categories of sources described in the tables above:
- Franchisees: Hotels franchised under Extended Stay America’s brand (“Franchised Hotels”) are independently owned and operated. Your personal information collected or maintained directly by the Franchised Hotels is not subject to this policy, unless such information has been shared with us, in which case the policy only covers our collection, use, and maintenance of your personal information. If you book a reservation directly with a hotel and that hotel utilizes our property management system, your personal information related to that reservation will be transmitted to and processed by us.
We may use or disclose your personal information and other information we collect to the owners, managers and operators of our franchised hotels and owners of hotels that we manage but do not own that require access to your personal information for business purposes.
E. Additional Purposes for the Collection or Use of Personal Information
In addition to the uses described in the tables above, Extended Stay America may also use or share personal information:
- with our service providers that are providing services to us on our behalf
- to comply with applicable laws and regulatory requirements, or as requested by government or regulatory authorities or law enforcement, including in response to a court order, subpoena, or request
- with our attorneys, accountants and auditors
- in connection with pending litigation
- in connection with any legal investigation
- in connection with a merger, divestiture, acquisition, restructuring, reorganization, dissolution, change of control, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred
- to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity
- to debug to identify and repair errors that impair existing intended functionality in the Services
There may also be times when we share aggregated information (that does not individually identify any particular person) with advertisers, business partners, subsidiary companies, affiliated companies, parent corporations, sponsors, joint venture partners and other third parties in an effort to customize or enhance the content and advertising of our website for future users or to improve our marketing and promotional efforts.
III. NO SALE OF PERSONAL INFORMATION
IV. TRACKING; ANALYTICS PROVIDERS
We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting. These third parties may use server logs, tags, pixels, and similar technologies, and they may set and access cookies on your computer or other device.
We also partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. They may collect such information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited our website to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.
For more information about interest-based advertising and cross-device linking, please visit the Adobe Target website. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below.
Please note that Adobe Target is the primary site personalization tool for esa.com and disabling Adobe Target could mean a substandard experience and lack of content. Please further note that the opt-out described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again.
A. Links to Other Sites
B. Children’s Personal Information
VI. WHERE WE WILL TRANSFER YOUR PERSONAL INFORMATION
Unfortunately, the transmission of information is not completely secure. We cannot guarantee the security of your personal information transmitted to the Service and any transmission is at your own risk. Once we have received your personal information, we will use reasonable efforts to implement procedures and security features to try to help prevent unauthorized access. However, due to the nature of evolving technologies, we cannot provide, and expressly disclaim, any assurance that the information you provide us will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
VIII. ACCESS TO YOUR PERSONAL INFORMATION AND “OPT OUT” PROCEDURES
To Update Your Contact Information:
- You may also use any “contact us” feature on www.extendedstayamerica.com or update contact information within any user account you maintain with us.
To Use App:
- You can choose whether or not to allow the App to collect and use real-time information about your device’s location through your device’s settings
- You can manage these preferences when the App is first launched or at a later stage by using the setting on your mobile device.
- If you block the use of location information, the App may not function as intended and certain features may not be available to you.
To Sign Up for Promotional Emails:
- In order to begin receiving promotional email communications from us, you must affirmatively opt-in to receive these kinds of communications.
- If you elect to receive any promotional email communication from us, you will be given the option to “unsubscribe” from receiving further email communications from us if you wish to stop receiving these communications at any time, except with respect to emails relating to transactions (e.g., room or service bookings through the Service).
- Your option not to receive promotional and marketing material will not preclude us from corresponding with you, by email or otherwise, regarding your existing or past business relationships with us, and will not preclude us from accessing and viewing your personal information in the course of maintaining and improving the Service.
IX. RIGHTS FOR CALIFORNIA CONSUMERS
The California Consumer Privacy Act of 2018 (“CCPA”) provides California consumers with certain rights with regard to their personal information. This Section explains those rights. If you are a California consumer and would like to exercise any of those rights under the CCPA, please see subsection E below for more information on how to submit a request.
A. Right to Know About and Access Your Personal Information
If you are a California consumer, you may have the right to request that Extended Stay America provide you with information regarding what personal information about you we have collected, used, disclosed, or sold in the preceding twelve (12) months. Once we receive your request and verify your identity, we will disclose to you one or more of the following as requested:
o The categories of personal information we have collected about you in the preceding twelve (12) months.
o The categories of sources from which we collected your personal information in the preceding twelve (12) months.
o The business or commercial purposes for collecting your personal information in the preceding twelve (12) months.
o The categories of third parties with whom we shared your personal information in the preceding twelve (12) months.
o The specific pieces of personal information we collected about you in the preceding twelve (12) months.
B. Right to Delete Your Personal Information
If you are a California consumer, you may have the right to request that Extended Stay America delete certain of your personal information that we have collected from you. However, this right to deletion does not apply to any of your personal information that is subject to an exception under the CCPA (as described below). Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your personal information in our records that is not subject to any of the CCPA exceptions.
We may deny your deletion request where your personal information is required for any of the following reasons, which we will identify in our response to you if we deny your request:
o Complete the transaction for which we collected the personal information, provide a product or service that you requested (e.g., insurance product), take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
o Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
o Debug products to identify and repair errors that impair existing intended functionality.
o Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
o Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
o Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
o Comply with a legal obligation.
o Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
C. Right to Opt-Out of the Sale of Your Personal Information
If you are entitled to any disclosure rights in your jurisdiction regarding our sale of your personal information to non-affiliated third parties or our disclosure of your personal information to third parties for their own direct marketing purposes, this disclosure satisfies those requirements. If you still wish to learn more about our compliance with this requirement, please contact us using the information provided in the “Contact Us” section below.
D. Right to Non-Discrimination
Extended Stay America will not discriminate against any California consumer who exercises any of the rights described above. Specifically, except as permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates, including through granting discounts or other benefits, or imposing penalties; provide you with a different level of service or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
E. How to Submit a Request
If you are a California consumer and would like to exercise any of the CCPA rights identified above, you may submit a request by either please click the link below to download the Data Request Form, fill it out, and email to firstname.lastname@example.org or call 1-877-651-2124 to speak to an Extended Stay America representative. The Data Request Form can also be mailed to the following address to the attention of the Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277.
F. Submitting a Request through Your Authorized Agent
If you are a California consumer, you may have the option to designate an authorized agent to submit a request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us. If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your consumer request to us. We may need to contact you directly to verify the request.
G. How We Verify Your Request
To process your request for access or deletion, we must be able to verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.
To verify your identity, we will ask that you provide the following information when you submit your request:
- To submit your request, please click the below link to download the Data Request Form, complete the form, and email the completed form to email@example.com or call 1-877-651-2124 to speak to an Extended Stay America representative. Additionally, the Data Request Form can also be mailed to the following address to the attention of the Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277.
Click here to download the Data Privacy Form
When the Privacy Officer receives your request, the Privacy Officer will first verify your identity. The Privacy Officer will confirm your eligibility for response by asking you to provide your name, phone number, email address, home address and address of last Extended Stay America hotel you stayed in. Once the Privacy Officer has verified your identity, the Privacy Officer will begin processing your request.
Depending on your type of request or the information requested by you, we may require additional information in order to verify your identity and fulfill your request. If we are not able to identify a match with our records, we will inform you of that fact.
We will respond to your request within forty-five (45) days. However, in certain circumstances, we may require additional time to process your request, as permitted by the CCPA or other applicable law. We will advise you within forty-five (45) days after receiving your request if such an extension is necessary and why it is needed. Any disclosures we provide will only cover the twelve (12)-month period preceding our receipt of your request. If we cannot fulfill your request, our response to you will also explain the reason why we cannot fulfill your request.
XI. CONTACT US