Table Of ContentsHoliday Inn San Francisco Privacy and Cookies Statement
- Withdrawing Consent To Use
- Processing In The Context Of Visiting Our Websites
- Information On Other Processing Operations
- Information On (Categories Of) Recipients
- Information On Retention Periods
- Information On Data Subject Rights
- California Residents – Your Privacy Rights
- European Users’ Rights With Respect To Personal Data
- Right Of Access And Information (Art. 15 Of The GDPR)
- Right To Rectification (Art. 16 Of The GDPR)
- Right To Be Forgotten (Art. 17 Of The GDPR)
- Right To Restriction Of Processing (Art. 18 Of The GDPR)
- Right To Data Portability (Art. 20 Of The GDPR)
- Right Of Objection (Art. 21(1) Of The GDPR)
- Right OF Objection To Direct Marketing (Art. 21(2) Of The GDPR)
- Automated Decisions (Art. 22 Of The GDPR)
- Right To Lodge A Complaint
- Changes To This Privacy Statement
Holiday Inn San Francisco Privacy and Cookies Statement
In this Privacy Statement we, Holiday Inn San Francisco (“We”) will inform you about how we process and use personal data and on the specific rights you have in connection with your personal data.
Protecting Your InformationOur hotel is committed to safeguarding your privacy while visiting the Hotel website, namely, http://www.hisfo.com/. Our goal is to provide you with an Internet experience that delivers the information, resources and services that are most relevant to you. To achieve this goal, part of the operation of the Site includes the gathering of certain types of information about Site users. Because we understand that your privacy is important, we wish to explain the types of information we gather and the way in which we use it. We would like our Site visitors to feel confident about using the Site to plan and purchase their accommodations, so we are committed to protecting the information we collect. We have implemented a security program with a web design and maintenance firm to keep information that is stored in our systems protected from unauthorized access. Our Site is hosted in a secure environment. The Site servers/systems are configured with data encryption, or scrambling, technologies, and industry-standard firewalls. When you enter personal information during the reservation process, or during a customer email sign-up, your data is protected by Secure Socket Layer (SSL) technology to ensure safe transmission.
Secure ReservationsIf you decide to make an online reservation at our website http://www.hisfo.com/ (“Site”), you will be linked to a reservation interface and a third-party booking engine (“Booking Engine”). While it appears to be part of our site, the Booking Engine is in fact provided by a third party and is governed by its privacy practices.
What Information Is Collected About You? How Do We Use It?We take the utmost care to ensure that the personal information we obtain from you is not used in a way that you may be unaware of or not agreeable to. You may wish to submit an information request about our Hotel, participate in one of our promotions or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.
Information Collected On The Site May Be Used To
- Register you as a Hotel member
- Plan and purchase hotel accommodations
- Enter your email in our promotions or sweepstakes
- Send marketing communications or surveys to you
- Respond to your questions or suggestions
- Improve the quality of your visit to our site
GDPRThe GDPR is a data privacy law adopted by the European Union that governs how companies collect, use, share and store information about data subjects. It applies not only to companies located in the European Union, but also to companies outside of the European Union if they “offer goods or services” in the European Union. You have a number of rights under the GDPR, including the right to be forgotten (also known as “erasure” or the “right to be deleted”), the right to have access to the data that a company keeps about them, the right to modify the data that a company may have about them, and the right to portability, which means that you can us to export to you. the data we have about you.
Links Provided To Other SitesOur hotel may provide links to a number of other web sites that we believe might offer you useful information and services. However, those sites may not follow the same privacy policies as us. Therefore, we are not responsible for the privacy policies or the actions of any third parties, including without limitation, any web site owners whose sites may be reached through this Site, nor can we control the activities of those web sites. We urge you to contact the relevant parties controlling these sites or accessing their on-line policies for the relevant information about their data collection practices before submitting any personal information or other sensitive data.
Processing in the Context of Visiting our Website
Information We CollectWhen you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses). It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you except as disclosed below. This processing will take place for the fulfilment of the existing contract of use with you, as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services. We will assume that your interests do not conflict with this, because the measures described below are taken in order to limit processing to an appropriate degree. We will also use the data described above to draw conclusions about your interests from your use and to adapt our website’s offerings according to your interests (profiling) in order to make our website as user-friendly, safe and attractive as possible and thus promote the sale of our products and services. We do this for the preservation of our aforementioned legitimate interests and, where applicable, on the basis of your consent as described below. For further information please refer to the following Section.
Types of CookiesThere are two different types of cookies used:
- Session Cookies: Also called transient cookies, are cookies that are temporarily stored in your browser for the duration of a browser session, and they typically will store information in the form of a session identification and no further information personally identifying you.
- Persistent Cookies: Also called permanent or stored cookies, are cookies that are stored on your hard drive until they expire (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information, such as web surfing behavior or user preferences for a specific web site.
- Required Cookies
- Functionality Cookies
- Targeting / Advertising Cookies.
- Personalization: For example, your language preference is remembered.
- Session Management: To ensure that your session is routed to the correct system for the duration of your visit.
- AB Testing / Multivariate Testing: We can display multiple versions of a page to a user to assess which generates the best user experience.
- Advertising: We can display advertising content depending on location, language, and your past browsing history.
Required CookiesWe use a number of cookies which are strictly necessary to allow you to access our websites, to move between pages and to receive services which you have requested. The types of data collected are:
- session identifier
- IP address, and information generated from anonymized IP address that includes
- a computer host name
- geographic location
- time of visit
- webpage URL
- referring website
- security tokens (for authentication and information submission, like RFP forms)
- Authentication Cookies: Provide an authentication method of a secure log-in.
Functionality CookiesWe use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of selecting your language or currency every time you access the website and recall your customization preferences. We utilize other cookies to analyze how our visitors use our websites and to monitor website performance. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.
- DoubleClick: These cookies may also be used by advertisers to allow third parties to serve advertisements to you when you are on other sites. These ads may be adapted to be relevant to you based on your use of the website. This is done on an anonymized basis, using non-personally identifiable information.
- Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.
- In-market: Show ads to users who have been searching for products and like-services.
- Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using "custom intent audiences."
- Similar audiences: Target users with interests related to those on remarketing lists.
- Remarketing: Target users that have already interacted with our ads, website, or app.
Data Retention and DeletionLog files are deleted after 790 days. Session cookies expire and are deleted at the end of your browser session. Persistent cookies may be set to expire from 30 days to 1 year depending on the function of the cookie. After expiry of those periods information will be deleted or made anonymous.
Use of AnalyticsOur website uses Google Analytics, a web analysis service of Google. You can find further information on how Google Analytics uses information from sites or apps that use its services here: https://analytics.google.com/analytics/web/ Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website such as
- browser type and version,
- operating system of your computer,
- referrer URL (i.e. the page last visited),
- host name of accessing computer (IP address),
- date and time of server request
Use Of Aggregated DataHotel is interested in improving the Site and may develop and offer new features and services. We monitor aggregated data regarding use of the Site for marketing purposes and to study, improve and promote use of the Site. In connection with such purposes, Hotel may share aggregated data with third parties collectively and in an anonymous way. Disclosure of aggregated data does not reveal personal information about individual Site users in any way that identifies who they are or how to contact them.
Information on Other Processing Operations
Processing in the Context of NewslettersIf you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter. The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services. In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter. After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters. We will assume that your interests do not conflict with this, because the retention period is appropriate with respect to the interests to be protected. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.
Processing in the Context of Registration or Use of the Contact FormIf you register on our website and create a user account (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary), all personal data collected in connection with this user account will be stored in this user account until you request to delete the user account or until we cancel the user account for the performance of our contractual relationship on use of the respective website or web service. The IP address assigned to you by your internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services. After de-registration of your user account, we will retain all data for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with our contractual relationship. We will assume that your interests do not conflict with this because the retention period is appropriate with respect to the interests to be protected. Our website contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter certain information which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis. If you provide us with personal data via the user account or the contact form for a purpose beyond the use of the website or respective web service, such as sending us an offer or product information, we will also store and process this data for this purpose. In order to find more information on how we store and process such data, you will need to refer to the Section of this Privacy Statement that is pertinent to the respective purpose.
Information on (Categories of) Recipients
Operation of Website By Digital HospitalityOur website is operated on our behalf by Digital Hospitality, 201 - 110 Cambie Street, Vancouver BC. We have concluded a contract processing agreement with Digital Hospitality to ensure that the website is operated, and personal data is processed, only on our behalf and in accordance with our instructions.
General Information on Recipients, Categories of Recipients and TransfersAll of our servers and databases may be operated, maintained or further developed by additional processors or other contractors. They may have access to your data. Where we store and process data for the performance of contracts, we may pass these data on to agents and contractors we employ for such performance (e.g. to carriers for transportation purposes). Where we store and process data for communication with you, we may use additional processors or contractors in order to process or transmit electronic or paper correspondence with you (e.g. letter shops, mailing service providers), who will then have access to your data. We will transfer your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obligated to do so or if we have a legitimate interest in averting coercive measures of such authorities, institutions or bodies within the scope of their legal responsibilities. Such legally required or necessary transmissions are not the subject of this Privacy Statement.
Information on Retention Periods
Our data retention and deletion policy takes into account the principle that personal data should be retained for limited periods even after the storage purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defense of legal claims and in rendering the administration of retention and deletion periods practicable. We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.
Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:
We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified herein below. Otherwise customer data will be deleted after expiry of 1 year.
For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence, invoices, and other booking documentation for 7 years.
We will retain contract-related data and documents for 7 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.
If the term “erasure” or "deletion" is used in this Privacy Statement, we reserve the right to anonymize the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.
Anonymized data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymized data is not subject to the GDPR and is not the subject of this Privacy Statement.
General Information on Retention Periods and Anonymization
We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.
General Information on Retention Periods and AnonymizationWe have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.
Information on Data Subject Rights
California Residents – Your Privacy RightsUnder California Civil Code Section 1798.83, California residents who provide us with personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us one time per calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information from us, please send your request to the following address: https://www.oag.ca.gov/privacy You must put the statement "Your California Privacy Rights" in the subject field of your writing if you write to us at the designated mailing address. You must include your name, street address, city, state, and zip code. We will respond to you within 30 days at your mailing address, or at our option, at your e-mail address if you provide it to us. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
European Users’ Rights with Respect to Personal DataYou as the data subject have certain rights with regard to your personal data, which we will explain to you below:
Right of Access and Information (Art. 15 of the GDPR)You have the right, where the statutory requirements are met, to request from us at any time, at no cost, confirmation as to whether personal data relating to you is being processed, a copy of this data and comprehensive information on this personal data. This right extends in particular, without limitation, to the purposes of processing, the categories of personal data being processed, the recipients, the storage period and the origin of the data.
Right to Rectification (Art. 16 of the GDPR)You have the right to request us to rectify incorrect and incomplete personal data concerning you without delay, where the statutory requirements are met.
Right to be Forgotten (Art. 17 of the GDPR)You have the right to demand from us the immediate deletion of personal data concerning you, where the statutory requirements are met, if, among other reasons, their storage is no longer necessary or unlawful, if you withdraw your consent on which their storage was based, if you have validly objected to their storage in accordance with below Sections, if we are obligated to delete them for any other reason or if the data were collected as part of a web service. If we have made the data public, in addition to deletion of the data, we must also inform other controllers in such cases that you have requested the deletion of this data and all references thereto, insofar as this is reasonable in view of the available technology and the implementation costs. The above obligation does not apply in certain exceptional cases, in particular storage for the purpose of establishing, exercising or defending legal claims.
Right to Restriction of Processing (Art. 18 of the GDPR)You have the right to request us, where the statutory requirements are met, to restrict the processing of personal data relating to you, for example if you dispute their accuracy, the storage is no longer necessary or is unlawful and you still do not wish to have it deleted or if you have filed an objection to the processing (see below) as long as it has not yet been established whether our legitimate reasons outweigh yours.
Right to Data Portability (Art. 20 of the GDPR)If automated processing of personal data occurs solely on the basis of your consent or to fulfil a contract with you or to implement pre-contractual measures, you have the right to require us, subject to statutory requirements, to make available the personal data in relation to yourself that you have provided to you or to a third party you designate, if this is technically feasible, in a structured, current and machine-readable format and not to impede its transfer to a third party.
Right of Objection (Art. 21(1) of the GDPR)You have the right to require us, where the statutory requirements are met, to no longer process personal data relating to you which we process for the performance of a task which is in the public interest or for the protection of our legitimate interests or those of a third party, if you object to such processing for reasons which arise from your particular situation. In this case we must desist from further processing unless there are compelling grounds for processing which outweigh your interests or the processing is carried out for the establishment, exercise or defense of legal claims.
Right of Objection to Direct Marketing (Art. 21(2) of the GDPR)You can object to the further processing of your personal data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.
Automated Decisions (Art. 22 of the GDPR)We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).
ConsentsIf you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection as described above). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).
Right to Lodge a ComplaintYou have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for our representative (See above).
ContactPlease send an email to firstname.lastname@example.org to exercise any of the above rights. You may be required to identify yourself to us as a data subject to exercise your rights.
Check In Time: 3 p.m.
Check Out Time: 12 p.m.