Effective Date: September 28, 2022
By using the Service, including booking a hotel room, making a purchase, creating an account or otherwise visiting or using the Service, you acknowledge that you have read this Policy, which may be updated by us at any time. If we update this Policy, we will post the updated version here. Any such changes will be effective when you first visit or use the Service after we post the changes here. If we make any material changes in the way we collect, hold, use, process or share your personal data, we will provide you with appropriate notice before such changes take effect.
For the purposes of this Policy, we are the Data Controller of your personal data. That means that we ‘control’ the personal data you submit through the Service and make certain decisions as to how to use and protect it, but only to the extent that we have informed you about such use or as otherwise permitted by applicable law.
Our legal basis for collecting and using your personal data, as described in this Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal data because:
We need to provide services that you request, such as when you book a hotel room with us, cancel, manage or pay for a hotel reservation, or purchase a souvenir;
You have given us permission to do so;
The processing is in our legitimate interests and it is not overridden by your rights;
For payment processing purposes; or
To comply with, and as otherwise permitted by, applicable laws and regulations.
We collect the following categories of personal data that you choose to provide us through the Service:
first name and last name;
address, state, province, zip/postal code, city and country; and
payment card information.
If you set up an account through the Service, we will also request your name, phone number, email address and a password that you will create to access the account.
If you provide personal data to us about any person other than yourself (e.g., another hotel guest), you must ensure that they understand how their information will be used and disclosed, and that they have given their permission for you to disclose it to us and for you to allow us to use and disclose it as set forth in this Policy.
We may also collect personal data that you give us during your communication with us regarding our services, such as technical support threads. In addition, we may need to use your personal data for audits and compliance with our legal obligations under applicable law.
We use personal data:
to allow you to create, manage and pay for hotel reservations;
to allow you to purchase products, services or amenities through the Service;
to allow you to set up an account on the Service;
to operate and maintain the Service and our hotel properties;
to provide customer support;
to gather analytical data to improve the Service;
to monitor the use of the Service;
to detect, prevent and address technical issues with respect to the Service;
to communicate with you;
to provide you with information about our properties, products or services and to notify you about deals, offers and promotions that we or our affiliates or business partners may make available from time to time;
to comply with applicable laws, regulations, subpoenas, legal process, governmental investigations and regulatory requests or inquiries, and to cooperate with governmental or law enforcement authorities conducting an investigation;
to protect the vital interests of a hotel guest or other individual or to protect persons or property;
with your consent; or
as otherwise described in this Policy.
We collect data in two ways:
data that you provide to us, such as when you book a hotel reservation, make a purchase, create an account, sign up for an email list or request customer support; and
We will not deny you services, charge you a different price, provide a different level or quality of services or otherwise discriminate against you just because you exercise any of your legal rights regarding your personal data; however, if you decline to provide your personal data or ask us to delete it or stop disclosing it, we may be unable to provide you with certain services such as the ability to reserve a hotel room or make a purchase.
If you reside in the European Economic Area (“EEA”) or the United Kingdom (“UK”), you have the rights listed below under the applicable data privacy laws. Some of these rights also apply in additional locations. There may be exceptions to these rights under applicable law. If you wish to contact us to exercise any of these rights, please contact us as set forth below.
The right to access to your personal data.
The right to update or correct your personal data.
The right to object to the use of your personal data.
The right to restrict the use of your personal data.
The right to transfer your personal data to another personal data controller.
The right to the erasure of your personal data.
The right to withdraw consent to the use of your personal data.
The right to opt-out from sales of your personal data to third parties.
Only you, or a person whom you authorize to act on your behalf, may make a request related to your personal data. The request must:
provide sufficient information for us to reasonably verify you are the person about whom we collected personal data or an authorized representative of such person; and
describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal data if you do not take the foregoing actions. Making a request does not require you to create an account with us. We will use personal data provided in a request only to verify your identity or authority to make the request. You have the right to complain to a Data Protection Authority where applicable about our collection and use of your personal data. For more information, please contact your local data protection authority.
In some cases, disclosure of personal data to other persons may involve transferring personal data from a country in the EEA or UK to a country which has been held not to provide a level of protection of personal data equivalent to that provided in the EEA or UK. In particular, personal data from the EEA or UK may be transferred to, stored in and processed in, the United States. If we transfer your personal information out of the EEA or UK to a country not deemed to provide an adequate level of personal information protection for purposes of applicable data protection laws such that additional safeguards are required, the transfer will be performed as permitted by applicable laws.
If we use your personal data for marketing purposes, we will first obtain your consent if required by applicable laws or regulations, which you would be free to withhold, and which you would also be able to withdraw at any time by contacting us as set forth below. In addition, we will include a link in any commercial emails to opt out of receiving future such communications.
We do not track your online behavior over time and across different internet websites or online services. However, some of the third-party services we use may do so. If you want to prevent them from tracking you, you can do so by adjusting the applicable settings on your browser.
We use services provided by third parties, including Google Analytics, Adobe TypeKit and Google Tag Manager. You understand and accept that data protection legislation applicable to such service providers may not be as protective as in your country of residence. By accepting this Policy, you consent to such use of your personal data by these third party service providers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your personal data.
We will retain personal data only as long as permitted under applicable laws.
We take appropriate technical measures for keeping your personal data confidential and protected against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.
The security of your personal data also depends on your protection of your user account. Please use a unique and strong password, and keep your login credentials secret. Also, be sure to log out after having used our services from a shared computer.
We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from children, we will take steps to remove that information from our servers.
All references herein to “include” or “including” shall be deemed to mean “include without limitation” or “including without limitation,” as the case may be.
If you have any questions or concerns regarding this Policy, including how this Policy may apply to your personal data or to exercise any of your rights with respect to your personal data, please contact us at:
Email: [email protected]
Address: ASH NYC, Attention: Privacy, 153 Lafayette Street, 5th Floor New York, NY 10013 USA