Sydell Group Privacy Policy

Sydell Group LLC, Sydell Marks LLC, Sydell Hostels LLC, and Sydell Hostel Marks LLC (collectively, “Sydell,” “we,” “us,” or “our”) are committed to providing our customers exceptional service, and to further our goal, we have prepared this Privacy Policy (“Policy”) to address any questions or concerns you may have regarding our use and handling of Personal Information (as defined below). In this Policy, we seek to familiarize you with the type of Personal Information we collect from our guests and website visitors, our practices for protecting this Personal Information, and the way we use this Personal Information to better serve the needs of our guests and visitors. If you have any questions or concerns about privacy after reviewing this Policy, please send an e-mail to legal@sydellgroup.com or letter to:

Sydell Group LLC Legal Department
30 West 26th Street, 12th Floor
New York, NY 10010

Please read this Policy carefully before submitting any Personal Information about you to us. Please note that this Policy does not apply to our processing of Personal Information on behalf of or subject to the instructions of any third parties such as airlines, car rental companies, and other service providers. We recommend that you review the privacy policies of any third-party service providers you may use to ensure adequate protection of your Personal Information. This Policy provides technical details about the steps we take to respect your privacy concerns. We have divided it into subsections allowing you to skip directly to the information of most interest to you.

The Appendix at the end of this Policy contains provisions applicable to EU residents only. If you are an EU resident, please read the Appendix carefully.

I. WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION MAY WE COLLECT FROM YOU?
"Personal Information" is any information that can be used to identify you as an individual. We may collect and process the following categories of Personal Information about you: your name and contact information such as physical address, email address, and telephone number; information related to your reservation or your visit to our properties; information about your purchase of products or services; personal characteristics, including date of birth, gender, and nationality; passport number and date and place of issue; travel history; payment information, including credit card information; dates of and amount of charges for stays at properties; guest preferences, including preferred communication methods and preferred methods of payment; marketing preferences; business name, title and address; reviews and opinions about our brands or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; hotel, airline and rental car packages booked; and groups with which you are associated for stays at properties. We may also record similar information on your traveling companions.
In addition, when you visit our website, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the website (e.g., your IP address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, and the date and time of your request).

II. WHEN AND WHY WE COLLECT PERSONAL INFORMATION
Any point of interaction between you and Sydell, whether electronic, by phone, or in person, is a point at which we may collect Personal Information and other information from you. We process Personal Information for the following purposes related to operating our business: providing our websites and services to you, completing and fulfilling your reservation and stay (including processing payments, ensuring room availability, providing you with customer service such as confirmations or pre-arrival messages, assisting with meetings, events or celebrations, and ensuring your health and safety), customizing our services for your stay and anticipating your needs to provide you with the best experience possible, communicating with you (including sending promotional offers and customer satisfaction surveys); managing our IT and finance systems; ensuring the security of our premises and our systems; conducting investigations where necessary; compliance with applicable law; improving our websites and services; and, as applicable, recruitment and job applications.Below are examples of when and why we may collect your Personal Information which we provide for your convenience, but please note that this list is not exhaustive.

RESERVATIONS
We collect Personal Information to assist us in making your reservation and to ensure that the services meet your needs. This information helps us customize and personalize your experience in our properties. Maintaining this information on file also allows guests to review prior transaction statements or invoices and see itemized reports on spending.

PROMOTIONS AND MARKETING
This information also enables us to inform you of promotions or other offers or information (always in accordance with applicable laws). Some such promotions require that your Personal Information be shared with a third party, including marketing and communications companies. These companies are under contract with us and are obligated to protect any such Personal Information to which they may have access. If you do not wish to receive such promotions and information from us, you may indicate as such when you stay with us, or you may contact one of our properties, or you may e-mail us at info@sydellgroup.com.

SURVEYS
We also collect Personal Information when we conduct customer satisfaction surveys or focus groups in order to improve our products or services. Such information may be collected by third parties under contract with us, and they are obligated to protect any such information to which they may have access.

ONLINE ACCOUNTS AND SOCIAL MEDIA
We collect Personal Information, including your username and password, when you register for an online account on any of our property’s websites. If you choose to participate in or access Sydell-related social media activities, giveaways, or events, we may collect Personal Information from your social media account with your permission. Such information may include, without limitation: location, activities, interests, photos, status updates, friend lists, and any other information.

EMPLOYMENT APPLICATIONS
We collect Personal Information from individuals who choose to apply to us for employment. Such information includes, without limitation, any information provided in a resume, information on education and employment history, information obtained through background checks, desired salary scale, working permits, and any other information relevant to the application. Any Personal Information obtained by us during the application process may be retained by us for purposes of considering the applicant for employment as well as for management and research purposes.

OTHER TYPES OF INFORMATION
Please note that in addition to the Personal Information described in the foregoing sections, we also may use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas. You acknowledge that by accessing any of our public spaces, we may capture and use your image for security and investigative purposes. We also may collect additional Personal Information in connection with on-site services, such as concierge services, health clubs, spas, activities, child care services, and equipment rental.

SENSITIVE INFORMATION
Sensitive information refers to information related to your racial or ethnic origin, political opinions, religion or other beliefs, physical or mental health, sexual life, criminal background or trade union membership. We do not generally collect sensitive information unless it is volunteered by you. We may use health data provided by you exclusively to serve you better and meet your particular needs.

If you are an EU resident, please see the Appendix for additional provisions applicable to sensitive information.

III. HOW WE COLLECT PERSONAL INFORMATION
Personal Information may be obtained when you provide it to us, e.g., when making a reservation, when logging onto our w-fi network, through online forms, over the phone, over e-mail, in person, or by any other method covered by this Policy. Except for the security measures discussed above or other areas indicated in this Policy, when we need to collect Personal Information from you, we will ask you to voluntarily supply us with the information we need. The most common examples of such requests are when you make a reservation, which we describe in more detail below. We may also obtain Personal Information when you visit any of our websites or use any features or resources available on or through any of our websites.

SUBSCRIPTIONS

If you wish, you may submit your e-mail address to our subscription list or to receive other information. We will only place you on such lists when you indicate your desire to be included. We do not sell or rent our lists to anyone. Once on such a list, you may ask to be removed from the list at any time. Visitors will always have the ability to accept or decline any form of communication from Sydell.

THIRD PARTIES

We may use third parties to provide us with additional contact information about you based on information you provide to us directly. For example, if we know your name and postal address, we may use a third party to provide us with your e-mail address. We may request your Personal Information from your traveling companion. In such cases, we rely on your companion to obtain your consent for disclosing such information to us.

COOKIES

When you visit our websites, your computer may be provided a cookie, which tracks your preferences. These cookies allow us to provide each visitor with a customized experience. We may also use cookies to collect and maintain aggregate website data (such as the number of visitors to a particular site), which helps us see which areas are popular with our users and which are not. Among other things, this data helps us improve and update the site, based on our visitors’ use information.

We also may collect data by using pixel tags, web beacons, clear GIFs, or similar means that allow us to know when you visit our site and to understand how you interact with our e-mails or advertisements. These methods also collect aggregate data that we hope to use to improve our websites to better suit our visitors and customers preferences.

We process Personal Information through cookies and similar technologies, in accordance with our Cookie Policy.

RESERVATIONS
When making a room reservation, we will ask you for Personal Information necessary for ensuring that your room is properly reserved and your needs are met.

Visitors to websites who elect to make reservations online will be required to create an online account and fill out a profile the first time they make a reservation. When you complete a profile, you will be asked to provide specific information, including your name, address, other contact information, and credit card information as a guarantee and deposit for your reservation. Your transmittal of this information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Policy.

Your credit card number will be verified using a checking sequence, but we do not authorize any payments at this point. Once your reservation is confirmed, the property you have selected will be sent all of the reservation information through a secure network. You can also make a reservation by contacting a particular property directly. When you make a reservation over the phone, we may ask you for information such as your name, address, telephone number, and method of payment. We may also obtain from you any room preferences or special requests. Confirmation of your reservation will be provided to you, generally by email, directly from the property.

PAYMENTS

Any credit/debit card payments and other payments you make through our website will be processed by our third-party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.

IV. HOW WE STORE PERSONAL INFORMATION AND KEEP IT SECURE
We treat the information you provide to us as confidential and have implemented appropriate technical and organizational security measures designed to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law. Information stored at our properties is kept in a secure location, whether in locked filing cabinets or in protected electronic databases. Reservation information is stored in a secure customer database. We also maintain a separate database for Personal Information used for marketing and research purposes. For online transactions, we use technology to protect the Personal Information that you transmit to us via our site. When we ask for your credit card data, it is transferred over a Secured Sockets Layer (SSL) line, provided you are using an SSL-enabled browser. We also use SSL on other pages where you would enter Personal Information. This ensures that your information is encrypted as it travels over the Internet. After information reaches Sydell, it is stored on a secure server behind firewalls designed to block unauthorized access. Please note that no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.

For your own privacy protection, please do not include sensitive Personal Information, including, without limitation, credit card numbers, in any e-mails you may send to us.

V. HOW WE SHARE PERSONAL INFORMATION
Sydell may share your Personal Information as needed to ensure the best quality service for you. We may share Personal Information with:
(a) other companies in the Sydell family of companies, who may access and process this information for the purposes described above, including to offer products and services to you, but only for the purposes for which we originally collected it;
(b) affiliates, partners, and vendors, who act on our behalf to support our operations;
(c) billing-related companies;
(d) your employer, if you use a corporate credit card;
(e) event organizers associated with any events you plan with us;
(f) third parties you engage in conjunction with our services, such as rental car companies or airlines;
(g) providers of onsite services such as concierge services, spa treatments, excursion experiences, and any other similar services;
(h) law enforcement or emergency responders;
(i) legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
(j) accountants, auditors, lawyers and other outside professional advisors to us, subject to binding contractual obligations of confidentiality;
(k) any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights; and
(l) in the event of a merger, consolidation, sale, liquidation or transfer of assets, Sydell may, in its sole and absolute discretion, transfer, sell or assign information collected, including without limitation, both non-Personal Information and Personal Information, to one or more affiliated or unaffiliated third parties.

Third parties with which we are affiliated and to which we provide Personal Information are contractually prohibited from using the information for any purpose other than for the purpose Sydell specifies. If you are an EU resident, please see the Appendix for additional provisions applicable to our use of third party processors.

VI. PERSONAL INFORMATION FROM CHILDREN
Sydell’s websites are not intended for children and we do not knowingly solicit or collect Personal Information from individuals under the age of eighteen (18).

VII. ACCESSING SYDELL FROM WEB-ENABLED MOBILE DEVICES
You can access our websites and make, view, or cancel reservations from web- enabled mobile devices.

VIII. OPTING OUT OF PROMOTIONAL MATERIALS
If you prefer not to receive promotional and marketing materials from us, you may opt out by emailing an opt-out request to an e-mail address that will be provided for such purposes in our promotional and marketing materials, in which case we will update your preferences as soon as reasonably practical.

Please note that if you opt out as described above, we will not be able to remove your Personal Information from the databases of affiliates, partners, or vendors with which we have already shared your Personal Information in accordance with this Policy and applicable laws.

IX. LINKS TO THIRD-PARTY WEBSITES
Our websites may contain links to third parties' websites. We are not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties. If you provide information on third-party sites, the privacy policy and terms of service on those sites are applicable. We recommend that you review the privacy policies of websites that you visit before submitting Personal Information.

X. APPLICABLE LAW
Sydell’s websites are United States websites and are subject to laws of the United States and the State of New York. Sydell will disclose Personal Information without your permission when required to do so by law or in good faith belief that such action is necessary to investigate or protect against harmful activities to Sydell guests, visitors, associates, or property (including this site), or to others.

If you are a customer who resides in the State of California, you have the right to request from Sydell a list of third parties with whom we have shared Personal Information about you for their own direct marketing purposes during the previous calendar year. Such requests may be made no more than once per calendar year. If you would like to request information about the parties that may have obtained Personal Information from us about you during the calendar year immediately preceding, please contact us by e-mail at legal@sydellgroup.com or by postal mail at:
Sydell Group LLC Legal Department
30 West 26th Street, 12th Floor
New York, NY 10010

We reserve our right not to respond to requests submitted to addresses other the address specified in this paragraph.

XI. POLICY MODIFICATIONS
We may modify this Policy from time to time. Please check this Policy periodically for changes. You can tell when this Policy was last updated by looking at the date at the bottom of the Policy. Any changes to our Policy will become effective upon posting of the revised Policy. Your use of our websites following such changes constitutes your acceptance of the revised Policy.

XII. CONTACT US
If you have any questions about this Policy or how Sydell obtains and uses your Personal Information, please contact us by e-mail at legal@sydellgroup.com or by postal mail at:

Sydell Group LLC Legal Department
30 West 26th Street, 12th Floor
New York, NY 10010

Privacy Policy Last Updated: May 25, 2018


Appendix
Additional terms applicable to EU residents

1. Legal bases for processing Personal Information
In processing your Personal Information in connection with the purposes set out in this Policy, we will rely on one or more of the following legal bases, depending on the circumstances:

a. Consent: we have obtained your prior express consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way);
b. Contractual necessity: the processing is necessary in connection with any contract that you may enter into with us;
c. Compliance with applicable law: the processing is required by applicable law;
d. Vital interests: the processing is necessary to protect the vital interests of any individual; or
e. Legitimate interests: we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

2. Legal bases for processing sensitive information
Where it becomes necessary to process your sensitive information for any reason, we rely on one of the following legal bases:

a. Compliance with applicable law: the processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
b. Detection and prevention of crime: the processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
c. Establishment, exercise or defence of legal rights: the processing is necessary for the establishment, exercise or defence of legal rights; or
d. Consent: we have, in accordance with applicable law, obtained your prior, express consent prior to processing your sensitive information (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

3. Third party processors
Where we engage a third-party processor to process your Personal Information, the processor will be subject to binding contractual obligations to: (i) only process the Personal Information in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Information; together with any additional requirements under applicable law.

4. International transfer of Personal Information
Because of the international nature of our business, we transfer Personal Information within the Sydell family of companies, and to third parties as noted in Section V above, in connection with the purposes set out in this Policy. For this reason, we transfer Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

When you provide your Personal Information to us from the country in which you are located, you are initiating a transfer of your Personal Information to the United States.

5. Data Retention
We take every reasonable step to ensure that your Personal Information is only processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Information are as follows:

a. we will retain Personal Information in a form that permits identification only for as long as:
i. we maintain an ongoing relationship with you (e.g., where you are a customer of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
ii. your Personal Information is necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your Personal Information is included in a contract between us and you and we have a legitimate interest in fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Information);
b. plus the duration of:
i. any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Information, or to which your Personal Information is relevant); and
ii. an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Information that is relevant to that claim);
c. and, in addition, if any relevant legal claims are brought, we continue to process Personal Information for such additional periods as are necessary in connection with that claim.

During the periods noted in paragraphs 5(b)(i) and 5(b)(ii) above, we will restrict our processing of your Personal Information to storage of, and maintaining the security of, that Personal Information, except to the extent that that Personal Information needs to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs 5(a)-(c) above, as applicable, have concluded, we will either permanently delete or destroy the relevant Personal Information; or anonymize the relevant Personal Information.

6. Accuracy & Minimization
From time to time we may ask you to confirm the accuracy of your Personal Information. We take every reasonable step to ensure that:

a. your Personal Information that we process is accurate and, where necessary, kept up to date;
b. any of your Personal Information that we process that is inaccurate (having regard to the purposes for which they are processed) is erased or rectified without delay; and
c. your Personal Information that we process is limited to the Personal Information reasonably necessary in connection with the purposes set out in this Policy.

7. Your Legal Rights
Subject to applicable law, you may have the following rights regarding the processing of your Personal Information:

a. the right not to provide your Personal Information to us (however, please note that we will be unable to provide you with the full benefit of our websites, products, or services, if you do not provide us with certain Personal Information – e.g., we might not be able to process your requests without the necessary details);
b. the right to request access to, or copies of, your Personal Information, together with information regarding the nature, processing and disclosure of that Personal Information;
c. the right to request rectification of any inaccuracies in your Personal Information;
d. the right to request, on legitimate grounds, (i) erasure of your Personal Information or (ii) restriction of processing of your Personal Information;
e. the right to have certain Personal Information transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
f. where we process your Personal Information on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your Personal Information in reliance upon any other available legal bases); and
g. the right to lodge complaints regarding the processing of your Personal Information with a data protection authority (in particular, the data protection authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).

Subject to applicable law, you may also have the following additional rights regarding the processing of your Personal Information:

• the right to object, on grounds relating to your particular situation, to the processing of your Personal Information by us or on our behalf; and
• the right to object to the processing of your Personal Information by us or on our behalf for direct marketing purposes.

This Policy does not affect your statutory rights. To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our processing of your Personal Information, please use the contact details provided in Section XII above. Please note that:
a. in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
b. where your request requires the establishment of additional facts (e.g., a determination of whether any processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.