MCR PRIVACY STATEMENT
Last Updated: December 10, 2019
This Privacy Statement describes the privacy practices of MCR Investors LLC and its subsidiaries and affiliates (collectively, “MCR,” “we”, “us” and/or “our”). This Privacy Statement describes how we handle personal information we collect online (e.g., through our websites and mobile apps), and offline (e.g., through customer support hotlines and in-person promotional activities) (collectively, the “Services”). This Privacy Statement explains the types of personal information we collect and process, how we may use and share the data, and the choices that are available to you with respect to our handling of your data.
How MCR Collects Information
Types of Personal Information That MCR Collects
The types of personal information MCR collects may include:
If you submit any personal information relating to other people to MCR, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Statement.
Use of Personal Information
MCR may use personal information to:
We may use your information in furtherance of our legitimate interest to provide you with the Services offered by MCR. We may also use your information to manage our contractual relationship with you or to comply with our legal obligations.
To the extent we rely on consent for the processing of your personal information, we will seek such consent at the time we collect your personal information.
How MCR Shares Personal Information
MCR endeavors to provide the same level of service that MCR guests have come to expect at MCR hotels wherever they may be. To provide this service, MCR may share personal information among hotels or service providers.
On occasion, MCR may offer programs, activities, events or promotions (“Special Programs”) that have specific terms, privacy notices and/or consent forms that explain how any personal information you provide will be processed in connection with the Special Program.
Some Special Programs may be offered jointly with third parties with whom MCR collaborates, including franchisors. In those cases, MCR may exchange data with third parties to deliver the Special Programs.
The terms that apply to a Special Program may reflect the data handling process of third parties. We strongly suggest you review the terms applicable to the Special Program before participating.
When guests or users are visiting and interacting with the Services, MCR and third parties, including franchisors, may collect Other Information (for example, a catalog of the site pages visited, and the number of visits to MCR’s sites) (“Other Information”).
Because Other Information does not personally identify the user, such information may be disclosed for any purpose. In some instances, MCR may combine Other Information with personal information. If MCR does combine any Other Information with personal information, the combined information will be treated by MCR as personal information in accordance with this Statement.
We may aggregate and/or de-identify data about visitors to our Services and use it for any purpose, including product and service development and improvement activities.
Cookies and IP Addresses
Users can set their computer to warn them each time a cookie is sent or turn off all cookies (except Flash cookies) through their browser. The browser’s Help menu or users’ built-in mobile device settings can be checked to see how. Some mobile devices store cookies not only in areas connected to the browser, but also in areas that are app-specific, which cannot be controlled by the browser settings. App settings options on mobile devices can be checked to see how to manage or delete cookies that may be stored in these other areas. If users do not accept cookies, some features, Services or activities that are available on the website and apps may be adversely affected and users may be unable to perform certain transactions, use certain functionality, and access certain content.
MCR uses the following types of cookies on the website and apps:
MCR and its third-party service providers use web beacons and pixel tags to:
If users would like to know more about cookies, including flash cookies/local storage devices, the following websites provide useful information:
Do Not Track Signals
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.
Personal Information From Children
MCR does not knowingly collect personal information from individuals under 18 years of age. Parents or legal guardians should not to allow children to submit personal information without permission. Parents or legal guardians may provide information regarding children accompanying them.
Mobile and Location-Based Services
MCR may provide mobile apps that can be downloaded to smart phones or other devices. These apps provide services and may collect personal and Other Information that will be used in accordance with this Statement.
MCR’s mobile apps and other electronic systems and services may use the device’s Global Positioning System (GPS) technology to locate a nearby hotel, provide account services, facilitate mobile check-in, and/or to provide relevant location-based information. MCR may also share this information with third parties, including franchisors, managers, or owners. The device’s settings are used when accessing any geo-location data. To the extent any geo-location data is combined with personal information, that information will be treated as personal information in accordance with this Statement.
MCR may make available from time to time a virtual concierge application, which may be pre-loaded on a MCR-owned device, or may be downloadable to a mobile device. Using these applications, guests may be able to order services from the hotel, such as room service or valet parking; access MCR’s sites; access third-party sites, including local attractions and social media; and book a reservation. To order services from the hotel, guests may need to enter name and room number, and may be able to receive order confirmations via text messaging. If text confirmation is requested, a phone number and carrier may be required. Booking reservations may require entry of a MCR’s confirmation number and security codes.
You may stop sharing your location data by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.
Links to Third-Parties
The Services may contain links to third party sites, applications and services, including franchisor sites, applications and services. Please note that MCR is not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties or the content of their sites, applications and services.
Other third-party sites, applications and services include the landing page of the high-speed Internet providers at MCR hotels, as well as social media and other sites (such as Facebook, Twitter, Instagram, TripAdvisor, etc.) on which MCR’s properties may have accounts or fan pages where users may be able to post information and materials. Logging-in or connecting with such sites may also provide MCR with information via that third party in accordance with their policies and privacy selections on their sites (e.g., locations, postings, connections, etc.).
Information provided to or on third-party sites is subject to the privacy statement and terms of service on those sites. MCR encourages users to read the privacy policies of sites, applications and services before submitting personal information.
Protecting Personal Information
Because the security of personal information is important, MCR enables the use of Secured Socket Layer (“SSL”) browser transmission of personal information. If a user’s browser is SSL enabled, transmission of personal information to MCR online through the browser can be encrypted. Users can verify whether their personal information is transmitted using SSL encryption by confirming the symbol of a closed lock or solid key on the bottom bar of their browser window. Users can also verify that transmission of personal information is encrypted using SSL encryption by making certain that the prefix for the web address listed for that page has changed from “http” to “https”. If the appropriate symbol and the “https” prefix is not visible, a user should not assume that the personal information that they are being asked to provide will be encrypted prior to transmission. The personal information collected from users online through the Services is stored by MCR and/or MCR service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and MCR is not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. MCR will also seek to require MCR’s affiliates and service providers with which MCR shares personal information to exercise reasonable efforts to maintain the confidentiality of personal information shared by MCR. For online transactions, MCR uses reasonable technology to protect personal information provided to MCR via the Services. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. Use of the Services and related applications and transmission of data is at the user’s own risk. Use caution in using electronic communications and media. Do not share passwords.
For privacy protection, MCR encourages users not to include sensitive personal information in any emails sent to MCR, and to not send payment card or account numbers or any sensitive personal information to MCR via email.
MCR will not contact users by mobile/text messaging or email to ask for confidential personal information or payment card or account details. MCR will only ask for confidential personal information or payment card or account details by telephone or website when users are booking a reservation or promotional package by telephone.
Your Privacy Choices
If you would like to review, correct, update, suppress, restrict or delete personal information that you have previously provided to us, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at firstname.lastname@example.org.
In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information removed from our database, or other limitations you would like to put on our use of your personal information. We may reject your request, as permitted by applicable law.
We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data, including account data, for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the personal information provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which we may keep, to the extent permitted by applicable laws. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.
Retaining Personal Information
MCR retains personal information for the period necessary to fulfill the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law.
Choices – Marketing Communications
If contact information (mail address, fax number, email address or phone number) is provided, MCR may send information regarding MCR’s products and services or invitations to events by email, telephone, mobile/text messaging (including SMS, MMS and EMS) or post.
Communications preferences may be changed by writing to MCR (and including email address) at email@example.com.
You may unsubscribe from receiving marketing communications from MCR. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as order confirmation emails or changes in our website or mobile app terms).
International Data Transfers
We may transfer your personal information to countries other than the country in which you initially provided the information for the purposes described in this Privacy Statement. For example, if you are located outside of the United States, we typically transfer your personal information to the United States, where MCR is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information.
We may transfer personal information from the European Economic Area (“EEA”) to countries that the European Commission has deemed to adequately safeguard personal information, in which case no additional safeguards are required in order to transfer this information. If we transfer your personal information to other countries, we will either transfer it subject to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules, or with your consent to the transfer, unless we are permitted by law to transfer personal information without such formalities.
Special Notification for California Residents
Individual users who reside in California and have provided their personal information to MCR may request information about MCR’s disclosures of personal information to third parties for their direct marketing purposes and may also request that their personal information be corrected or deleted. Such requests must be submitted to MCR at firstname.lastname@example.org. Within thirty days of receiving such a request, MCR will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. MCR will, to the extent possible, provide the same level of service to users who exercise their rights under California law, but some personal information is required in order for MCR to provide services, such as fulfilling requests or keeping reservations. MCR reserves MCR’s right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
Updates to This Statement
MCR may modify this Statement from time to time. When MCR makes material changes to this Statement, MCR will post a link to the revised Statement on the homepage of the Services. Users can tell when this Statement was last updated by looking at the link and at the date at the top of the Statement. Any changes to MCR’s Statement will become effective upon posting of the revised Statement on the site. Use of the Services following such changes constitutes acceptance of the revised Statement then in effect.
Questions about this Statement or how MCR processes personal information may be submitted to MCR by email at email@example.com or by postal mail to:
MCR Hotels Marketing Group
One World Trade Center, Floor 86
New York, New York 10007
180 Tenth Avenue
(at 20th Street)
New York, New York 10011
+1 (212) 929-3888