Effective March 1, 2019
More specifically, this Policy summarizes how GrandLife® handles the personal and other information users of the Site provide while accessing and using the Site, including while making a reservation. Users of the Site include members of the general public.
By accessing the Site, you are indicating your agreement to this Policy. Please review this Policy carefully. GrandLife® reserves the right to change this Policy at any time. In the event of material changes to this Policy, the Site will contain a notice and summary of the changes. Changes will be effective immediately upon posting to the Site. However, except to the extent we receive your authorization or as permitted or required by applicable law, we will handle your personal information in accordance with the terms of the Policy in effect at the time of the collection. If you have any questions or concerns about the Policy, please contact us by calling 212-965-3275 or as provided below.
This Policy applies to the following website domains:
Information Collected. As you are probably aware, we may collect information from a variety of sources to operate the Site, carry out our business, comply with law and other purposes described herein.
GrandLife® may compile statistical information concerning the usage of the Site. This information allows GrandLife® to monitor its utilization and continuously improve its quality. Examples of this information would include, but not be limited to, the number of visitors to the Site, or to sections or pages within the Site, patterns of traffic flowing through the Site, length of time spent on the Site, or in sections or pages of the Site, the other sites that refer visitors to the Site, the pages of the Site that visitors frequently use as entry and exit points, utilization of the browser and operating systems and versions used by visitors to the Site. In order to compile this information, GrandLife® may collect and store your IP address, your operating system version, your browser version, the pages you visit within the Site, the length of time you spend on pages within the Site, the site from which you linked to ours, search terms you used in search engines which resulted in you linking to the Site, etc. While all of this information can be associated with the IP address your computer had while you visited the Site, it will not be associated with you as an individual, or associated with any other information you may submit through the Site, or that our hotels may store about you for any other purposes.
We also collect personal information such as: your contact information; and information related to products and services you buy or receive from us, such as in connection with making reservations, participation in membership or loyalty programs, participation in contests, sweepstakes, surveys or marketing programs. This personal information can include data such as name; personal or work contact information; personal characteristics, such as gender, date of birth, title, and nationality; income; passport number and date and place of issue; travel history; payment information, such as your payment card number, authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; sensitive personal data relating to special accommodation requests; reviews and opinions; frequent flyer or similar membership program number and related information; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain about you. Similar information also may be collected about your family members or individuals with whom you are using our products and services. Additionally, we may collect employment history, and related information if you seek employment with us which might include your work history and salary information.
In addition, we collect other personal information in certain cases, such as email addresses, when you sign up to receive our electronic newsletter and/or other marketing and promotional materials. Your contact information and payment information is also collected when you use our reservation service.
We may, from time to time, collect information about third parties such as through your social media services consistent with your settings on such services, and from other third-party sources that are lawfully entitled to share your data with us. We use and share this information (and may add it to the other information we have on file for you) for the purposes described in this Policy.
Note that if you choose not to provide your personal information, we may be unable to provide the products, services, information, or assistance you are seeking.
If you would like more information about web tags and cookies associated with on-line advertising please visit the Network Advertising Initiative website http://www.networkadvertising.org (link is external) or http://www.allaboutcookies.org/ (link is external).
We may use analytics services, such as provided by Google Analytics, to help generate statistics about our Site’s traffic, sales, etc. for reports on our Site activity. The analytics services may transfer this information to third parties in case of a statutory obligation or if a third party processes data on behalf of that service. These analytics services will generate detailed statistics about a website’s traffic and traffic sources and measure conversions and sales. The information generated about your use of our Site, including your IP address, will be anonymized by use of the appropriate settings (“_anonymizelp()” function or equivalent). For more information on how anonymization works please see https://support.google.com/analytics/answer/2763052 (link is external).
Information of Children. The Site is not directed to children as the products and services on this Site are intended for persons 18 years of age and older. GrandLife® does not knowingly collect, use or disclose any personal information from children. If you are concerned about your child’s use of the Site, you may use web-filtering technology to supervise or limit access to the Site.
Use of Information. In general, we will use the information we collect about you only for the purpose it was collected, for compatible purposes, as permitted or required by law, as necessary to carry out our contractual duties and obligations, and as otherwise provided in this Policy. For example, we may use your personal information to:
- Provide you with the products and/or services you have purchased or requested. This might include establishing an on-line profile, making a reservation, or making improvements in the design and administration of the Site.
- Market our products or services that we think may be of interest to you. For example, we may use your personal information to send you newsletters and promotions using any communications preferences you have expressed. We use your information to provide in-stay messaging, account alerts, and reservation confirmations; to send you marketing messages; and to conduct surveys, sweepstakes, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means. With your consent, we also use user-generated content (such as photos) from social media services to deliver display advertising or on our Site and apps.
Disclosure of Information. In general, we will not disclose your personal information except with your consent and as described in this Policy. We may disclose your personal information for the same reasons that we may use it as described in this Policy, which includes disclosing it to our affiliates and non-affiliated entities, as we deem necessary to carry out those purposes. For example, and without limitation, GrandLife® may need to use or disclose this information with its third party vendors to manage the Site; process payments and requests for products and services; provide you with products, services, or offers; coordinate your participation in our loyalty reward or similar programs; engage in marketing activities, such as sharing personal information with our partners to deliver advertisements to our customers; enhance our services by, among other methods, obtaining assistance with providing more personalized services to you through analytics and other technologies; and protecting GrandLife’s® interests and legal rights, such as through responding to subpoenas and defending litigation. We endeavor to choose affiliates and non-affiliates with similar standards to ours regarding the protection of personal information.
In no case will GrandLife® sell or license personal information to third parties, except as required or permitted by law. For example, we may sell, assign or share personal information in connection with certain business transactions, such as the acquisition of all or substantially all of GrandLife’s® assets. In such cases, we will take appropriate steps under the circumstances and to the extent possible to ensure that the recipient agrees to provide privacy protections substantially similar to those established by this Policy.
Do Not Track. “Do Not Track” is a privacy preference that you can set in your Internet search browser that sends a signal to a website that you do not want the website operator to track certain browsing information about you. However, because our Site is not configured to detect Do Not Track signals from a user’s computer, we are unable to respond to Do Not Track requests.
Modifying Your Personal Information. If you would like to update your personal information on the Site, you may email us at DPO@grandlifehotels.com. Also, if you wish to unsubscribe from any of our newsletters or other communications for which you have registered, you may e-mail us at DPO@grandlifehotels.com.
Safeguarding of Information. No system for safeguarding personal or other information is 100% secure. However, we take a number of steps to safeguard the security of personal information obtained through the Site. For example, we use Secure Socket Layer (SSL) data encryption when data is transmitted over the Internet to our Site. We have installed layered firewalls and other security technologies to help prevent unauthorized access to our systems. Our data centers are maintained in a secure environment with appropriate security measures. Our employees are trained to understand the importance of confidentiality and are required to adhere to our privacy policies and procedures. Employees who violate these policies and procedures are subject to disciplinary action. We employ numerous practices to protect against the disclosure of information for purposes unrelated to the performance of our business functions or to individuals other than those who must use it in the course of their work activities. These practices include the use of password protection of computer files, e-mail and voice-mail, video surveillance, and other physical, electronic, and procedural safeguards.
Applicable Law. This Policy is governed by the internal substantive laws of State of New York, without regard to its conflict of laws principles. Any claims arising under or out of this Policy shall be filed only in the United States District Court for the District of New York or, if there is no federal jurisdiction over the action, in the courts of the State of New York located in Kings County, New York. If any provision of this Policy is found to be invalid by a court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this Policy, which shall remain in full force and effect.
If you are a California resident, please read the following:
- California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by GrandLife® to third parties for the third parties’ direct marketing purposes. Requests may be made one time per calendar year. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities). You may submit your request using the contact information at the end of this Policy.
- If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California law permits you to request and obtain removal of content or information you have publicly posted. You may submit your request using the contact information at the end of this Policy. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
European Economic Area Residents
If you are a resident of the European Economic Area, please read the following:
We make every attempt to process your personal information in accordance with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive. In addition to the information provided above, residents of the European Economic Area should be aware of the following:
As a resident of the EEA, you may have certain additional rights, subject to limitations regarding the processing of your personal information. These may include the right to:
- Consent (opt-in) to the processing of your personal information
- Access or request a copy of your personal information
- Correct any inaccuracies relating to your personal information
- Restrict the processing of your personal information
- Object to the processing of your personal information
- Request the erasure of your personal information
- Receive your personal information in a commonly-used machine readable format and have that information transmitted to another data controller
- Withdraw your consent to the processing of your personal information
- Lodge a complaint with the Supervisory Authority in your jurisdiction
We retain your personal information only for the period of time needed to fulfill the purposes stated in this Policy.
These rights may not apply to individuals residing outside of the EEA.
Data Request Rights. Individuals in several countries have certain rights to request information about their personal data. We have processes in place to ensure that we respond promptly to these requests. You may submit requests securely using this form. For your protection, we only fulfill requests for the personal data associated with the email address that you identify in your request, and we may need to verify your identity before fulfilling certain requests.
Grandlife acknowledges and respects our guests’ privacy and we will try to comply with your request as soon as reasonably practicable and consistent with applicable law.
If you have any questions regarding this Policy or our policies in the event of a compromise of your information, you may contact us at:
Data Privacy Officer
Hartz Hotel Services, Inc.
400 Plaza Drive
Secaucus, NJ 07094
GrandLife® is a co-marketing brand for the Soho Grand Hotel and The Roxy Hotel. GrandLife® is a registered trademark of Hartz Hotel Services, Inc., the management company for Soho Grand Hotel, Inc. and Tribeca Grand Hotel, Inc. (dba The Roxy Hotel).
The European Economic Area includes the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom and Iceland, Liechtenstein and Norway.
310 West Broadway
New York, NY 10013