By accessing or using our Site on any computer, mobile phone, tablet, console or other device (collectively, “Device“), you understand and agree that we collect, use and disclose your personal information in accordance with this Policy. IF YOU DO NOT AGREE TO the policy, PLEASE DO NOT USE THIS SITE.
Collection of Personal Information
Hotel Theodore collects, processes and stores standard data collected by all web server software, as well as personally identifying information (“Personal Information”). The Personal Information we collect is typically information that you voluntarily provide to Hotel Theodore through the Site (for example, name, e-mail address, other contact information) or by your presence at our hotel. However, sometimes Personal Information is derived from indirect sources (e.g., inferences from other information; third party sources, including collecting publicly available information from social networking web sites). Collecting and analyzing this information will help us understand your interests better and improve our service to you.
If you have concerns about our Personal Information collection policies, please contact us at firstname.lastname@example.org. To the greatest extent possible, we will offer you the choice to not submit Personal Information. However, the election not to submit Personal Information may affect or inhibit your ability to carry out certain transactions with us. For example, not providing a name will prevent the processing of reservations.
If you are a resident of the EU, you have the right to make a complaint at any time to your respective supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach such supervisory authority, so please contact us in the first instance.
Types of Personal Information Collected
The data and Personal Information collected by Hotel Theodore will vary based on applicable law, but may include: (1) the Internet Protocol (“IP”) address used for your connection this Site (but not your e-mail address); (2) the domain name assigned to your IP address (if there is one); (c) the type of browser and operating system you used to access this Site (for example, Mozilla/4.0 [compatible; MSIE 4.01; Windows NT; IE4WDUS-1998101501]); (3) the date and time you visited this Site; (4) the web pages or services you accessed at this Site; and (5) the website you visited prior to coming to this Site, which enables analysis of how visitors reach the Site; (6) your name, gender, home/work contact, date/place of birth, nationality/passport/visa information, names/ages of children, and job title; (7) information about your hotel visits (including previous hotels where you have stayed), arrival/departure dates, goods/services purchased, special requests and service preferences (room; holiday; etc.); (8) information necessary to accommodate your special requests and service preferences (ex., health condition information for special room requests); (9) telephone and fax usage, and telephone messages received; (10) credit card details, hotel rewards member information, online user account details (profile, password, etc.) and frequent flyer or similar travel information; (11) information provided in survey feedback and contest or promotional offer participation; (12) information about your on-site activities collected from on-site security devices; (13) pertinent information about the employees of corporate accounts, vendors and others conducting business with Hotel Theodore (ex., travel agents, wedding/meeting/event planners, etc.); (14) with user consent, geolocation information (iPhone and other mobile internet users); and (15) non-personally identifiable information about you, such as your use of our Sites, communication preferences, travel habits, and aggregated data relative to your stays.
Purpose and Legal Basis for Collecting Information
We process your personal information for the purposes set forth in the sections titled “Use of Information Collected” and “Disclosure of Collected Information.” The legal bases for Hotel Theodore’ processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
(d) marketing and communications
(a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests
(to keep our records updated and to study how clients use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests
(for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) marketing and communications
Necessary for our legitimate interests
(to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, client relationships and experiences
Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
Use of Information Collected
As a general policy, Hotel Theodore will not ask you for Personal Information unless we need it or intend to use it. Some of the primary reasons we collect Personal Information are for:
Processing transactions and contractual obligations (e.g., making a reservation, completing orders for other goods and services, fulfilling a request for information, completing a product order) and administering frequent guest programs.
Responding to your requests for information and services and improving the quality of those services being provided to you.
Performing market research via surveys to better serve your needs, improve the effectiveness of our web sites, your hotel experience, our various types of communications, advertising campaigns, and/or promotional activities.
Marketing and communications with you about the products and services we offer, as well as the products and services offered by our affiliates, strategic marketing partners, and other trusted third parties.
Meeting legal and regulatory requirements and providing for the safety and security of staff, guests and other visitors.
Disclosure of Collected Information
Hotel Theodore generally does not share, rent, or sell Personal Information you have given us to any third party without your permission. However, we may disclosure your Personal Information in the following instances:
To permit third party service providers who are engaging in business functions on Hotel Theodore’ behalf (such as credit card processing, customer support services, market research administration, client communications and outreach, or database management services) to fulfill their obligations and tasks for us.
When required by law, subpoena or other legal process or in good faith belief that such action is necessary to investigate or protect against harmful activities to Hotel Theodore guests, visitors, associates, or property (including this Site), or to others.
In connection with a transfer of the Hotel Theodore, to the extent necessary to facilitate the continued operation of the business and ensure contractual obligations are met.
To comply with legal or regulatory requirements or obligations in accordance with applicable law, a court order or a subpoena.
From time to time, we may also share with partners or other third parties non-personal aggregate information (or other such “summary” information) about customers and Site visitors. However, no information is sold or shared at the level of the individual customer.
If information is shared as mentioned above, we will make every effort to limit the scope of information furnished to the amount necessary for the performance of the specific function. Except to the extent prohibited by law, we require third parties to secure the privacy of your Personal Information and abide by applicable privacy laws and regulations.
Retention of Collected Information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Rights Regarding Collected Information
Residents of the EU have the following rights:
Access, Correction and Erasure Requests: You have the right to:
- ask us to confirm whether we are processing your personal information;
- receive information on how your data is processed;
- obtain a copy of your personal information;
- request that we update or correct your personal information; and
- request that we delete personal information in certain circumstances.
Right to Object to Processing: You have the right to request that Hotel Theodore cease processing of your personal information:
- for marketing activities, including profiling;
- for statistical purposes; and
- where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim.
Right to Restrict Processing: You have the right to request that Hotel Theodore limit the processing of your personal information:
- while Hotel Theodore is evaluating or in the process of responding to a request by you to update or correct your personal information;
- where such processing is unlawful and you do not want Hotel Theodore to delete your data;
- where Hotel Theodore no longer requires such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim; and
- where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Submitting Requests: your requests may be submitted in writing to email@example.com. We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.
If you have concerns about our data practices or the exercise of your rights, you may contact Hotel Theodore by phone.
Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails, or contacting firstname.lastname@example.org. For any other activities for which you have previously consented, you may contact email@example.com to withdraw such consent.
International Data Transfers
We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found by the European Economic Area to provide adequate protection. In particular, we transfer your personal information to the United States.
We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented European Union controller-to-controller standard contractual clauses or other such safeguards for such purposes. To obtain a copy of theses clauses or additional information on transfers, you may send your request to: firstname.lastname@example.org.
SITE USAGE AND INFORMATION SECURITY
Because the security of your Personal Information is important to us, this Site uses encryption software, either through Secure Socket Layer (“SSL”) or a comparable product, to enable secure transmission of data by encrypting it. The URL in your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked. Your browser may also display a lock or key symbol on its task bar to indicate invoked secure transmission. If these indicators are not present, information may be susceptible to interception by other parties. Even with SSL protection, it remains important to protect against unauthorized use of your login profile and password by taking standard precautionary measures (logging off; protecting passwords; etc.). Most Internet e-mail communication is not considered secure. If you are communicating sensitive information, consider sending it in by postal mail or contacting Hotel Theodore by phone. Please bear in mind that “guaranteed security” does not exist, whether on or off the Internet. Even so, we strive to take appropriate administrative, procedural and technical safeguarding measures to protect your Personal Information.
A cookie is a small text file created by a website server (including the Site server) and stored on your Device’s hard drive. Cookies save unique information that the website server can access while you are browsing our Site. Typically, cookies save information such as your website preferences, the date you last looked at a specific page, or a random number used to identify your particular Site session. Cookies help us measure how many visitors come to our Site and how many of these visitors are new or returning. Cookies also enable certain functions on our Site to function properly (such as booking engines) or more efficiently (retaining and auto-filling or transferring previously provided information from web page at the Site to the next, or from one Site visit to the next). Finally, cookies also can be used to collect anonymous information about the pages you visit at the Site. Cookies are not used by Hotel Theodore to obtain any Personal Information that you do not affirmatively elect to provide to us.
Use of Reporting Services
We may elect, from time to time, to use independent reporting services to analyze anonymous aggregate information about user traffic to our Site (i.e., the information is not capable of being used to identify individual users).
Links to Other Sites
This Site may, from time to time, provide links to other websites as a convenience to visitors. These may include links to websites operated by government agencies, nonprofit organizations, and other private businesses unrelated to Hotel Theodore. When using one of these links, you are no longer on this Site, and you are subject to the terms, conditions, and policies of that website.
Neither Hotel Theodore, nor any officer or employee of Hotel Theodore warrants the accuracy, reliability or timeliness of any information published by any external sites, nor endorses any content, viewpoints, products, or services linked from those systems, and cannot be held liable for any losses caused by reliance on the accuracy, reliability or timeliness of their information. Portions of such information may be incorrect or not current. Any person or entity that relies on any information obtained from those sites does so at his or her own risk.
Communications & Unsubscribing
Hotel Theodore may from time to time mail, e-mail, telephone, or contact you by other means to notify you of upcoming special offers, new services, events, or other relevant information that we think may be of interest to you. By using the Site, you agree to receive certain electronic communications from Hotel Theodore. Every e-mail communication from Hotel Theodore or its authorized agents (other than reservation confirmations and similar-such communications), will contain explicit instructions for removing yourself from the applicable mailing list. You may also unsubscribe at any time.
This Site is not intended to sell products or services or purchases by minors (as defined by applicable law), nor do we seek or desire to obtain Personal Information directly from minors. Even so, we cannot always determine the age of persons who access and use our web sites. If a minor provides us with his/her data without parental or guardian consent, we encourage the parent or guardian to contact us to have this information removed and to unsubscribe the minor from future Provenance marketing communications.
This Site is and shall be deemed a passive website solely based in the State of Oregon, United State of America, which does not give rise to personal jurisdiction over Hotel Theodore in jurisdictions other than Oregon.
If you have questions or concerns regarding this Policy, please contact our Privacy Department at email@example.com.
Notification of Changes
As mentioned above, by using our Site, you have agreed to let us collect and use information per the guidelines of this Policy. If at some point in the future, there is a change to our information usage practices that affect your personal information, we will post those changes to this policy. To help you monitor those changes, this Policy has an effective date set out at the end of this document.
Effective date: May 24, 2018.