privacy policy

  • Effective Date: September 28, 2022

    This privacy policy (this “Policy”) explains how ASH NYC Inc. and its affiliates (“we,” “us,” “our”) collect, use, hold, share and process any personal data that you provide to us through our websites at https://ash.world and https://alexanderinn.com (collectively, the “Service”). It also describes the measures taken to protect the confidentiality, integrity and security of that personal data and your rights regarding such personal data. 

    By using the Service, including booking a hotel room, making a purchase, creating an account or otherwise visiting or using the Service, you acknowledge that you have read this Policy, which may be updated by us at any time. If we update this Policy, we will post the updated version here. Any such changes will be effective when you first visit or use the Service after we post the changes here. If we make any material changes in the way we collect, hold, use, process or share your personal data, we will provide you with appropriate notice before such changes take effect.

  • For the purposes of this Policy, we are the Data Controller of your personal data. That means that we ‘control’ the personal data you submit through the Service and make certain decisions as to how to use and protect it, but only to the extent that we have informed you about such use or as otherwise permitted by applicable law. 

  • Our legal basis for collecting and using your personal data, as described in this Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal data because:

    • We need to provide services that you request, such as when you book a hotel room with us, cancel, manage or pay for a hotel reservation, or purchase a souvenir;

    • You have given us permission to do so;

    • The processing is in our legitimate interests and it is not overridden by your rights;

    • For payment processing purposes; or

    • To comply with, and as otherwise permitted by, applicable laws and regulations.

  • We collect the following categories of personal data that you choose to provide us through the Service:

    • email address;

    • first name and last name;

    • phone number;

    • address, state, province, zip/postal code, city and country; and

    • payment card information.

    If you set up an account through the Service, we will also request your name, phone number, email address and a password that you will create to access the account.

    If you provide personal data to us about any person other than yourself (e.g., another hotel guest), you must ensure that they understand how their information will be used and disclosed, and that they have given their permission for you to disclose it to us and for you to allow us to use and disclose it as set forth in this Policy.

    We may also collect personal data that you give us during your communication with us regarding our services, such as technical support threads. In addition, we may need to use your personal data for audits and compliance with our legal obligations under applicable law.

  • We use personal data:

    • to allow you to create, manage and pay for hotel reservations;

    • to allow you to purchase products, services or amenities through the Service;

    • to allow you to set up an account on the Service;

    • to operate and maintain the Service and our hotel properties;

    • to provide customer support;

    • to gather analytical data to improve the Service;

    • to monitor the use of the Service;

    • to detect, prevent and address technical issues with respect to the Service;

    • to communicate with you;

    • to provide you with information about our properties, products or services and to notify you about deals, offers and promotions that we or our affiliates or business partners may make available from time to time;

    • to comply with applicable laws, regulations, subpoenas, legal process, governmental investigations and regulatory requests or inquiries, and to cooperate with governmental or law enforcement authorities conducting an investigation;

    • to protect the vital interests of a hotel guest or other individual or to protect persons or property;

    • with your consent; or

    • as otherwise described in this Policy. 

  • We collect data in two ways:

    • data that you provide to us, such as when you book a hotel reservation, make a purchase, create an account, sign up for an email list or request customer support; and

    • data that we and our service providers collect automatically through the use of cookies and similar technologies, as described below.

  • We may share your personal data:

    • among our affiliated companies;

    • with service providers, suppliers and subcontractors to facilitate and make the Service accessible to our visitors and as otherwise detailed below; 

    • with analytics providers, as detailed below, and search engine providers; 

    • if we sell or buy any businesses or assets or merge any business or operations into or with those of another person or entity, in which case we may disclose your personal data to the prospective counterparty in such transaction and such data may be one of the assets transferred in such transaction; 

    • to comply with applicable laws, regulations, subpoenas, legal process, governmental investigations, regulatory requests or inquiries, to cooperate with law enforcement, to assert or defend against legal claims, to protect our and others’ rights, property, or safety, and for the purposes of crime and fraud prevention and remediation;

    • as required to conduct our business and pursue our legitimate interests;

    • as otherwise specified in this Policy; or

    • to any other party with your consent.

    Analytics

    We use third party tools to gather statistical information about users of the Service and to help improve and optimize the Site. Those tools, which may use cookies, may include:

    • Google Analytics

    • Adobe TypeKit

    • Google Tag Manager

    To learn more about Google Analytics and how Google collects and processes data, see www.google.com/policies/privacy/partners.

    Cookies 

    Cookies are small text files stored by your browser on your computer when you visit websites, which allow for the collection of certain information about your use of the websites. We use cookies to make the site work and improve its functionality.

    Some of these cookies are essential for your use of the Service, but you have the choice to refuse the use of all non-essential cookies either by adjusting your browser settings or, where applicable, through our cookie consent page. 

    To find out more about cookies please visit: www.allaboutcookies.org or www.youronlinechoices.eu.

    Social media

    We use third-party social media tools on our website, such as Facebook, Twitter and Instagram. These services may collect personal data and are subject to the privacy policies on those platforms. 

    Payments

    We sometimes provide an opportunity on the Service to make purchases, such as hotel room bookings, amenities and souvenirs. You will need to provide payment card information for such purpose. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal data is governed by their privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processor we work with is Shift4, but we may change payment processors and work with additional payment processors from time to time. We encourage you to review the privacy policy of Shift4 at https://www.shift4.com/privacy-policy.

  • We will not deny you services, charge you a different price, provide a different level or quality of services or otherwise discriminate against you just because you exercise any of your legal rights regarding your personal data; however, if you decline to provide your personal data or ask us to delete it or stop disclosing it, we may be unable to provide you with certain services such as the ability to reserve a hotel room or make a purchase.

    If you reside in the European Economic Area (“EEA”) or the United Kingdom (“UK”), you have the rights listed below under the applicable data privacy laws. Some of these rights also apply in additional locations. There may be exceptions to these rights under applicable law. If you wish to contact us to exercise any of these rights, please contact us as set forth below.

    • The right to access to your personal data.

    • The right to update or correct your personal data.

    • The right to object to the use of your personal data.

    • The right to restrict the use of your personal data.

    • The right to transfer your personal data to another personal data controller.

    • The right to the erasure of your personal data.

    • The right to withdraw consent to the use of your personal data. 

    • The right to opt-out from sales of your personal data to third parties.

    Only you, or a person whom you authorize to act on your behalf, may make a request related to your personal data. The request must:

    • provide sufficient information for us to reasonably verify you are the person about whom we collected personal data or an authorized representative of such person; and

    • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with personal data if you do not take the foregoing actions. Making a request does not require you to create an account with us. We will use personal data provided in a request only to verify your identity or authority to make the request. You have the right to complain to a Data Protection Authority where applicable about our collection and use of your personal data. For more information, please contact your local data protection authority.

  • In some cases, disclosure of personal data to other persons may involve transferring personal data from a country in the EEA or UK to a country which has been held not to provide a level of protection of personal data equivalent to that provided in the EEA or UK. In particular, personal data from the EEA or UK may be transferred to, stored in and processed in, the United States. If we transfer your personal information out of the EEA or UK to a country not deemed to provide an adequate level of personal information protection for purposes of applicable data protection laws such that additional safeguards are required, the transfer will be performed as permitted by applicable laws.

  • If we use your personal data for marketing purposes, we will first obtain your consent if required by applicable laws or regulations, which you would be free to withhold, and which you would also be able to withdraw at any time by contacting us as set forth below. In addition, we will include a link in any commercial emails to opt out of receiving future such communications.

  • We do not track your online behavior over time and across different internet websites or online services. However, some of the third-party services we use may do so. If you want to prevent them from tracking you, you can do so by adjusting the applicable settings on your browser.

  • We use services provided by third parties, including Google Analytics, Adobe TypeKit and Google Tag Manager. You understand and accept that data protection legislation applicable to such service providers may not be as protective as in your country of residence. By accepting this Policy, you consent to such use of your personal data by these third party service providers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your personal data.

  • We will retain personal data only as long as permitted under applicable laws.

  • We take appropriate technical measures for keeping your personal data confidential and protected against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access. 

    The security of your personal data also depends on your protection of your user account. Please use a unique and strong password, and keep your login credentials secret. Also, be sure to log out after having used our services from a shared computer.

  • Our service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

  • We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from children, we will take steps to remove that information from our servers.

  • All references herein to “include” or “including” shall be deemed to mean “include without limitation” or “including without limitation,” as the case may be.

  • If you have any questions or concerns regarding this Policy, including how this Policy may apply to your personal data or to exercise any of your rights with respect to your personal data, please contact us at:

    • Email[email protected]

    • Address: ASH NYC, Attention: Privacy, 153 Lafayette Street, 5th Floor New York, NY 10013 USA