Facebook
tracking

The Plaza Hotel General Privacy Policy

Introduction

Our Privacy Commitment
The Plaza Hotel understands the right to privacy and is committed to keeping all your Personal Data secure.

About this Privacy Policy
This Privacy Policy is an overview of how The Plaza Hotel processes personal information about individuals.

The list below sets out what is covered in this Privacy Policy and you can click on the headings below to go to a specific section:

  1. SCOPE AND RELATIONSHIP WITH ACCOR SA
  2. DEFINITIONS
  3. TYPES OF INFORMATION WE PROCESS
  4. WHY WE PROCESS YOUR INFORMATION
  5. CHILDREN
  6. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTY
  7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
  8. HOW WE SAFEGUARD YOUR INFORMATION
  9. HOW LONG WE KEEP YOUR PERSONAL DATA
  10. YOUR RIGHTS
  11. CONTACT US
  12. UPDATES TO THIS PRIVACY POLICY

1. SCOPE AND RELATIONSHIP WITH ACCOR SA

This Privacy Policy governs the handling of Personal Data by The Plaza Hotel while carrying on commercial business and activities.

We use the following definitions in this Privacy Policy: The Plaza Hotel“, “we or “us” means The Plaza Hotel and Accor SA.

Most Accor branded hotels are operated under a franchise or management agreement between the hotel’s owner and Accor SA (or one of its subsidiaries across the world).

When staying in one of these hotels, your personal data will be processed by the hotel and by Accor SA, both acting as Data Controllers for their own, separate, purposes.

Accor SA will process your data because it manages a central booking engine, which allows Accor SA to collect the data necessary to organise your stay in hotels under an Accor brand and to communicate this data to the concerned hotels. Accor SA also manages a global database of clients who stay in hotels under an Accor brand and Accor SA also manages the ALL loyalty programs. To know more about data processing activities under Accor SA’s control, please see the Accor Personal Data Protection Charter.

The Plaza Hotel will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to perform marketing activities and to comply with its legal obligations.

2. DEFINITIONS

“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of The Plaza Hotel (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of The Plaza Hotel or any other person in respect of an individual.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. TYPES OF INFORMATION WE PROCESS

We may process information about you including, but not limited to:

  • General information, such as name, postal and/or email address, phone number, date of birth, job title, and other information such as photographs and digital imagery, payment-related information, government issued identification in accordance with applicable law (e.g. driving license, passport, professional license number), agreements, your communications preferences; queries you make to The Plaza Hotel;
  • Digital information generated from your use of our websites and mobile applications, such as IP address, geo-localization, device ID and data transmitted via cookies;
  • For more information on the cookies used by The Plaza Hotel please see our Cookie Policy below.

4. REASONS FOR PROCESSING YOUR INFORMATION

We may process your Personal Data for purposes including, but not limited to:

  • Proceeding with the orders of our products and services;
  • Responding to enquiries, and inviting individuals to our events;
  • Making reservations and responding to inquiries about our event venues;
  • Conducting surveys and interviews with prospective customers and website visitors to improve our products and services;
  • Providing information about our products and services;
  • Complying with regulatory obligations;
  • Improving the content, functionality and usability of our websites;
  • Personalising the content of our websites according to the user’s interests;
  • Managing and administrating our business; and
  • Any other purpose identified in applicable Privacy Notices , or other agreement between you and The Plaza Hotel. When you make a reservation on a business partners’ website, take the time to read their privacy notice if you want to understand how these business partners may process your personal data.

Where we process Personal Data, we make sure that we have a lawful basis, including:

  • Receiving and evaluating information is necessary to perform our contractual obligations with our customers;
  • You have provided the required consent (in which cases, such consent can be withdrawn at any time);
  • Processing is necessary to comply with legal and regulatory obligations;
  • Processing is necessary to protect the vital interests of an individual;
  • Processing is in the public interest;
  • Processing is necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
  • Processing is in The Plaza Hotel’s legitimate interests, such as
    • managing and administrating the operation of our business effectively and efficiently;
    • complying with internal policies and procedures;
    • monitoring the use of our copyrighted materials;
    • conducting scientific and statistical research;
    • improving our products and services;
    • enabling quick and easy access to information on The Plaza Hotel offerings and services;
    • offering optimal, up-to-date security solutions for IT systems and mobile devices; and obtaining further knowledge of current threats to network security to update our security solutions and provide these to the market.

5. CHILDREN

We will not collect personal information for children under the age of 13 without prior, verifiable consent from his or her legal representative.

6. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We may share your Personal Data within the The Plaza Hotel and its managers and owners for the purposes described above.

We may also share your Personal Data outside of the The Plaza Hotel for the following purposes:

  • With third party agents and contractors for the purposes of providing services to us (for example, web design, web support, information technology and communications providers). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;
  • To the extent required by law, for example if we are under a duty to disclose your Personal Data to comply with any legal obligation (including, without limitation, to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend its legal rights;
  • If we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective purchaser for due diligence purposes; and
  • If we are acquired by a third party, in which case the Personal Data under our control about you, will be disclosed to the third-party buyer.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Plaza Hotel is an establishment that serves global customers. Our customers and our operations are connected globally. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.

Where we transfer your Personal Data to a country located outside the European Economic Area (‘EEA’), we will ensure that it is protected and transferred in a manner consistent with the legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:

  • The country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
  • The recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
  • Where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
  • In other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.

8. HOW WE SAFEGUARD YOUR INFORMATION

We have extensive controls in place to maintain the security of our information and information systems. Personal Data is protected with safeguards according to the sensitivity of the relevant information. Industry best practice security controls are in place and monitored on a regular basis. Electronic and physical access to systems where Personal Data is gathered, processed or stored is limited and controlled.

As a condition of employment, The Plaza Hotel’s employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to know it to perform their roles. Unauthorised use or disclosure of confidential client information by a The Plaza Hotel employee is prohibited by policy and may result in disciplinary measures.

9. HOW LONG WE KEEP YOUR PERSONAL DATA

How long we will hold your Personal Data for will vary and will be determined by the following criteria:

  • The purpose for which we are using it – The Plaza Hotel will need to keep the data for as long as is necessary for satisfying that purpose;
  • Legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
  • Events and Venue inquiries received from The Plaza Hotel website will be retained for not more than 18 months from the date of submission.
  • “Send a Note to Eloise” form submissions will be retained for not more than 18 months from the date of submission.
  • Additions to The Plaza Hotel mailing list are user dependent. A subscriber (recipient of the mailing list) can unsubscribe at any time.

10. YOUR RIGHTS

Under the applicable law (e.g. European data privacy law), you may have the following rights:

  • The right to obtain information regarding the Processing of your Personal Data and access to the Personal Data which we hold about you;
  • The right to withdraw your consent to the Processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
  • In some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to The Plaza Hotel;
  • The right to request that we rectify your Personal Data if it is inaccurate or incomplete;
  • The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it;
  • The right to object to, or request that we restrict, our Processing of your Personal Data in certain circumstances. There may be circumstances where you object to, or ask us to restrict, our Processing of your Personal Data, but we are legally entitled to refuse that request;
  • The right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us; and
  • The right to provide instructions regarding the Processing of data after your death.

You can exercise your rights by contacting us using the details listed in paragraph 11 below.

11. CONTACT US

If you have any questions about this Privacy Policy, or to obtain more information about The Plaza Hotel’s handling of your Personal Data or anything data related request, please contact our Data Protection Officer using the following contact information:

Address:

Attention: Data Protection Officer
768 Fifth Avenue
New York, NY 10019

Email Address:

PLZ.DataProtection@fairmont.com

Verifying the identity of the requester

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity, you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document will suffice.

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, The Plaza Hotel’s Privacy Officer will provide you with the contact information for that regulator.

12. UPDATES TO THIS PRIVACY POLICY

We may change this Privacy Policy at any time. Any changes will become effective when we post the revised Privacy Policy on this website. Your use of our services following these changes means that you accept the revised Privacy Policy. We recommend that you regularly review the Privacy Policy when you visit our website.

This policy was last updated in December 16, 2022.

NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act (CCPA) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is publicly available, deidentified or aggregate information.  For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, DISCLOSED, OR SOLD

Your Right

If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you. This right includes the right to request any or all of the following:

  • Specific pieces of Personal Information that we have collected about you;
  • Categories of Personal Information we have collected about you;
  • Categories of sources from which the Personal Information was collected;
  • Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
  • Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
  • The business or commercial purpose for collecting or, if applicable, selling Personal Information.

The CCPA defines “sell” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.

How to Submit a Request to Know

You may submit a request to know through our secure interactive web form available here, CCPA Request Form, or by contacting our Data Protection Officer using the following information.

Address:

Attention: Data Protection Officer
768 Fifth Avenue
New York, NY 10019

Phone:

833.244.4421

Email Address:

PLZ.DataProtection@fairmont.com

Only you, or a person or corporate entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

Verifying the identity of the requester

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with adequate detail that allows us to properly understand, evaluate, and respond to it.

RIGHT TO DELETION (AKA RIGHT TO BE FORGOTTEN)

Your Right

Subject to certain limitations, California residents may also have the right to have us delete their personal information. This is sometimes called the “right to be forgotten.” If, The Plaza Hotel receives a verifiable consumer request to delete a consumer’s personal information, we must comply unless we must retain the personal information for one of the following reasons:

  • Detect or resolve security or functionality-related issues.
  • Comply with the law or protect rights provided by law (Ex., free speech rights).
  • Comply with a legal obligation.
  • Safeguard the right to free speech.
  • Provide goods or services to the consumer.
  • Conduct research in the public interest.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Carry out actions for internal purposes that the consumer might reasonably expect.

To exercise your rights under the CCPA, make a request through our secure interactive web form available here, CCPA Request Form, or by contacting our Data Protection Officer using the following information.

Address:

Attention: Data Protection Officer
768 Fifth Avenue
New York, NY 10019

Phone:

833.244.4421

Email Address:

PLZ.DataProtection@fairmont.com

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Any disclosures we provide will only cover the 12-months prior to the request.

Verifying the identity of the requester

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with adequate detail that allows us to properly understand, evaluate, and respond to it.

RESPONSE TIMING AND FORMAT FOR REQUEST TO KNOW OR TO DELETE

We will confirm receipt of a verifiable consumer request within 10 business days and provide information on how we intend to process the request.

We will provide a response to a verifiable consumer request within forty-five (45) days of its receipt.

If additional time is required to respond (up to 45 days), we will inform the consumer, at their option, of the reason and extension period electronically or via mail.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights.

Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

CALIFORNIA’S DO NOT SELL MY PERSONAL INFORMATION

Under CCPA, the disclosure of personal information to a third party for monetary or other consideration of value can be considered a “sale”.

The CCPA also gives residents of California the right to stop the “sale” of their personal information through a mechanism called “Do Not My Personal Information”.

California’s definition of a “sale” also includes the transfer of data between corporate affiliates. In other words, companies that share a common ownership or other transfers for the purposes of serving the customer that would ordinarily not be thought of as a “sale”.

We provide the opportunity for consumers to exercise this right if any of our online business practices are considered to be a sale under the CCPA’s broad definition.

If you would like to opt out of the sale of your personal information, you can submit an opt-out request by clicking here.

The Plaza
768 Fifth Avenue
New York, New York 10019
Direct: (212) 546-5249    Mobile: (646) 623-0247
fairmont.com/theplaza  •   theplazany.com

© 2023 Plaza LLC (USA) — All Rights Reserved — Privacy PolicyCalifornia Collection NoticeDo Not Sell My Personal InformationCookie Policy