MCR Privacy Statement
Last Updated: December 10, 2019
This Privacy Statement describes the privacy practices of MCR Investors LLC and its subsidiaries and affiliates (collectively, “MCR,” “we”, “us” and/or “our”). This Privacy Statement describes how we handle personal information we collect online (e.g., through our websites and mobile apps), and offline (e.g., through customer support hotlines and in-person promotional activities) (collectively, the “Services”). This Privacy Statement explains the types of personal information we collect and process, how we may use and share the data, and the choices that are available to you with respect to our handling of your data.
How MCR Collects Information
Types of Personal Information That MCR Collects
Use of Personal Information
How MCR Shares Personal Information
Cookies and IP Addresses
Do Not Track Signals
Personal Information From Children
Mobile and Location-Based Services
Link to Third-Parties
Protecting Personal Information
Your Privacy Choices
Retaining Personal Information
Choices – Marketing Communications
International Data Transfers
Special Notification for California Residents
Updates to This Statement
How MCR Collects Information
- Directly from you
- Through our websites and mobile apps
- From social media or other public forums
- From third party vendors or business partners, including franchisors
Types of Personal Information That MCR Collects
The types of personal information MCR collects may include:
- Name, gender, contact information, business title, date and place of birth, nationality, passport and visa information.
- Information related to website searches, reservations, stays and visits to a property, including names of hotels, dates of arrival and departure, goods and services purchased, special requests made and information necessary to fulfill special requests, preferences that require special accommodations, observations regarding service preferences (including room, holidays, amenities requested, facilities or other services used), telephone numbers dialed, faxes sent or received, telephone messages received through hotel facilities.
- Account information such as user name and password and any other information you or we provide in connection with your account, as well as information regarding past and future reservations, account rewards, assignment priority, mobile check-in, and more.
- Billing information such as credit card details, billing address, and purchase history.
- Personal characteristics, income, travel history.
- Information about vehicles brought onto MCR’s properties.
- Reviews and opinions about MCR or properties or other personal information in customer surveys.
- Hotel, airline, and rental car packages booked.
- Groups associated with stays at hotels, including contact and other relevant details concerning the employees of corporate accounts and vendors and others with which MCR does business (e.g., travel agents or meeting and event planners).
- Other types of information provided to MCR or obtained by MCR from third parties, including franchisors.
- Details on joint travelers, including their names and frequent flyer numbers, and the age of the driver of the rental car.
- Information and records related to conversations, including recording or monitoring of customer service calls.
- Additional contact information from third parties with which MCR or our hotels do business (e.g., travel agents or similar providers, franchisors, etc.), such as email addresses that may be provided by travel agents.
- Additional personal information collected during registration/check-in at MCR’s properties.
- Images, sound or video of guests and visitors in public areas and information related to visitor location while on MCR’s properties via keycards, closed circuit television and other technologies and security tools.
- Other recordings of sound or video using other technologies to protect MCR’s staff.
- Personal information in connection with on-property services, such as concierge services, health clubs, spas, activities, child care services, equipment rental, and digital key functionality.
- Meeting and event specifications, the date of the event, number of guests, details of the guest rooms, and, for corporate events, information on the organization (e.g., name, annual budget, and number of sponsored events per year).
- Information about the guests that are a part of a group or event that may be provided to MCR by the group or meeting planner or by MCR to the group or meeting planner or third-party service providers who may market event services.
- Information provided by individuals, companies or groups to make a reservation on others’ behalf.
- Information provided to send an electronic postcard or otherwise to share a message with a friend, whether via the Internet, a stand-alone kiosk or mobile.
- Other information requested by or provided to MCR in the context of employment or supplier applications.
- Any information you enter via online chats.
- Geolocation data.
- Information obtained from other sources, such as public databases, social media platforms, and other third parties, including franchisors.
If you submit any personal information relating to other people to MCR, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Statement.
MCR may use personal information to:
- Provide requested services (such as facilitating reservations, sending confirmations, sending pre-arrival messages, and providing other information about the hotel and the area).
- Process and complete transactions, reservations, and bookings.
- Assist with and provide information about meeting, event or celebration.
- Operate, evaluate and improve our business, our Services, and other products and services we offer (including to develop new products and services).
- Administer surveys and other market research.
- Establish and maintain any account you create on our websites or mobile apps, including account-related services such as past and future reservations, account rewards, assignment priority, mobile check-in, and more.
- Send offers and promotions from MCR and related parties that may be of interest to you (e.g., account promotions and news, hotel openings and offers, partner offers such as financial products, payment cards or accounts, car hire, and club memberships).
- Provide or offer newsletters, promotions and featured specials, or other marketing communications.
- Offer promotions, sweepstakes, or other contests.
- Provide location information that is useful to you, including the use of geolocation and Global Positioning System (GPS) technology to locate nearby hotels, facilitate mobile check-in, and/or provide account services.
- Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests).
- Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile apps), and claims and other liabilities, including by enforcing the terms and conditions that govern the use of our websites and mobile apps.
We may use your information in furtherance of our legitimate interest to provide you with the Services offered by MCR. We may also use your information to manage our contractual relationship with you or to comply with our legal obligations.
To the extent we rely on consent for the processing of your personal information, we will seek such consent at the time we collect your personal information.
MCR endeavors to provide the same level of service that MCR guests have come to expect at MCR hotels wherever they may be. To provide this service, MCR may share personal information among hotels or service providers.
- Personal information provided in connection with a reservation is made available to the hotel in order to fulfill the reservation request. After the stay, the information, including stay details, room type, services, amenities used, etc. is retained. MCR may provide the hotel’s owner, manager and/or franchisor with limited information about past or future guests of that hotel.
- To provide users a single source for purchasing packages that include other travel-related services such as airline tickets or rental cars, MCR may enter into agreements with select reputable third-party companies that facilitate MCR-branded, owned or managed bookings. Any personal information provided to these third parties, including franchisors, will be controlled by each of them and is subject to their respective privacy statements and practices.
- Billing and folio information for stays paid by corporate payment cards or accounts for guests whose employers or contractors participate in a corporate electronic billing or eFolio program will be shared with the payment card or account providers and the employers or contractors, or their agents. Once MCR transfers this information, MCR Privacy Statement will no longer apply and the handling of personal information will be subject to the privacy policies of the employer, the relevant payment card or account network operator, the relevant card or account issuer and/or their respective subcontractors.
- Information collected for meeting and event planning for stays or visits as part of a group event or meeting may be shared with the organizers of those meetings and events, and, where appropriate, guests who organize or participate in the meeting or event.
- From time to time MCR may partner with other companies to provide products or services and may share information with MCR’s business partners to provide those products or services. For example, MCR may help to arrange rental car or other services from MCR’s business partners, and share personal information with MCR’s business partners in order to provide those services. MCR also may co-sponsor promotions, sweepstakes, prize draws, competitions or contests with other companies, or MCR may provide prizes for sweepstakes and contests sponsored by other companies. MCR may share entrants’ information with MCR’s co-sponsor or the third-party sponsor.
- MCR may share personal information with providers of on-property and off-property services that provide services such as concierge services, spa treatments, golf, or dining experiences, such as PRINT Restaurant and The Press Lounge. These providers may also share information with MCR. Providers may have their own privacy policies and statements that govern their collection, use and sharing of information.
- MCR relies on service providers to provide certain products and services, such as to facilitate administrative functions and information technology operations, payment card or account billing, reservations services, market researchers, email service providers, mail houses that process mail and communications for MCR, providing services in connection with the website, including airline and rental car packages; communicating news and delivering promotional and transactional materials via email, direct mail, and online and mobile advertising; processing payment card or account transactions, data hygiene and enhancement services; professional services such as accounting, auditing and legal advice; investigating accident reports; processing insurance claims; and administering sweepstakes, prize draws, competitions, contests and customer surveys. MCR will disclose personal information to service providers as appropriate.
- In the event of a reorganization, merger, consolidation, sale, liquidation or transfer of all or a part of any hotel or its business or assets, joint ventures, and related business transactions, including in relation to audit or reporting and other regulatory requirements, MCR may, in its sole and absolute discretion, transfer, sell or assign information collected, including, without limitation, Other Information and personal information, to one or more affiliated or unaffiliated third parties, including franchisors, managers, owners, purchasers or partners.
- MCR may share guests’ telephone numbers among MCR hotels, partners and service providers, for purposes of telemarketing. MCR may also receive telephone numbers from MCR’s partners, service providers or from other sources, which MCR may use for telemarketing purposes.
- In addition, MCR may disclose personal information without the guest or user’s permission in order to: (i) comply with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal processes, (iv) protect the rights, privacy, safety or property of MCR, website and apps visitors, guests, employees or the public, (v) permit MCR to pursue available remedies or limit the damages that MCR may sustain, (vi) enforce website and apps terms and conditions, and (vii) respond to an emergency.
On occasion, MCR may offer programs, activities, events or promotions (“Special Programs”) that have specific terms, privacy notices and/or consent forms that explain how any personal information you provide will be processed in connection with the Special Program.
Some Special Programs may be offered jointly with third parties with whom MCR collaborates, including franchisors. In those cases, MCR may exchange data with third parties to deliver the Special Programs.
The terms that apply to a Special Program may reflect the data handling process of third parties. We strongly suggest you review the terms applicable to the Special Program before participating.
When guests or users are visiting and interacting with the Services, MCR and third parties, including franchisors, may collect Other Information (for example, a catalog of the site pages visited, and the number of visits to MCR’s sites) (“Other Information”).
Because Other Information does not personally identify the user, such information may be disclosed for any purpose. In some instances, MCR may combine Other Information with personal information. If MCR does combine any Other Information with personal information, the combined information will be treated by MCR as personal information in accordance with this Statement.
We may aggregate and/or de-identify data about visitors to our Services and use it for any purpose, including product and service development and improvement activities.
Users can set their computer to warn them each time a cookie is sent or turn off all cookies (except Flash cookies) through their browser. The browser’s Help menu or users’ built-in mobile device settings can be checked to see how. Some mobile devices store cookies not only in areas connected to the browser, but also in areas that are app-specific, which cannot be controlled by the browser settings. App settings options on mobile devices can be checked to see how to manage or delete cookies that may be stored in these other areas. If users do not accept cookies, some features, Services or activities that are available on the website and apps may be adversely affected and users may be unable to perform certain transactions, use certain functionality, and access certain content.
MCR uses the following types of cookies on the website and apps:
- Session cookies which are automatically deleted once users close their browser.
- HTTP request header information in order to make the website function correctly and to personalize content presented to users, better understand how visitors use the Services and how MCR can better meet user needs.
- Throughout the online reservation process to remember dates used in hotel searches, check room availability and fulfill the reservation.
- To recognize you and remember your settings and preferences, including your account information and services.
- Measure usage of various pages on the website and apps to help make MCR’s information more personalized and easily accessible.
- Provide functionality such as online reservations and other functionality that MCR believes would be of interest and value to users.
- Track customer response to MCR advertisements and website content.
- Determine the browser’s ability to receive HTML email messages to determine the appropriate format to receive and read email.
- Know how many users open an email and allow MCR’s service provider to compile aggregated statistics about an email campaign for us.
- Serve ads through third-party advertising technology when users visit the website and apps and sites upon which MCR advertises. In the course of serving MCR’s advertisements to users, unique third-party persistent cookies, clear gifs or beacon gifs may be placed on users’ computer or device, provided by MCR’s ad-serving providers, to help manage MCR’s online advertising and which recognize when a device visits the website, to learn which banner ads bring users to the website and to track whether a reservation is made. The information MCR’s ad-serving providers and MCR collect through this technology is not personally identifiable, but is used to create a profile which allows the ad-serving provider to serve advertisements targeted towards users and users’ interests across the ad-serving network. To the extent third-party vendors are using Cookies or Other Technologies to perform these services for MCR or others, MCR does not control the use of this technology or the resulting information, and is not responsible for any actions or policies of such third parties, including franchisors. Ads, emails, and other messages may be delivered to users based on their online or mobile behavior (on the website and non-MCR sites), users’ search activity, users’ geographic location or other information. For example, if a user goes to the website to book a hotel room, they may later see an advertisement from MCR when they visit another website. These ads may appear on the website, third-party websites or on mobile platforms. Users may also see advertisements for third parties on the website and apps, other websites or properties, or mobile, based on their visits to, and activities on, the website and apps, other sites and mobile. Some of MCR’s vendors and MCR may use anonymous data, such as demographic data received from third parties, or intent information (such as travel intent information) to assist in the delivery of advertisements to users. In some instances MCR may combine Other Information with personal information.
MCR and its third-party service providers use web beacons and pixel tags to:
- Track customer response to the MCR advertisements and Website content;
- Determine users’ ability to receive HTML-based email messages and know how many users open an email and allow MCR service provider to compile aggregated statistics about an email campaign for MCR; and
- Allow MCR to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that MCR believes would be of interest to users.
If users would like to know more about cookies, including flash cookies/local storage devices, the following websites provide useful information:
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.
MCR does not knowingly collect personal information from individuals under 18 years of age. Parents or legal guardians should not to allow children to submit personal information without permission. Parents or legal guardians may provide information regarding children accompanying them.
MCR may provide mobile apps that can be downloaded to smart phones or other devices. These apps provide services and may collect personal and Other Information that will be used in accordance with this Statement.
MCR’s mobile apps and other electronic systems and services may use the device’s Global Positioning System (GPS) technology to locate a nearby hotel, provide account services, facilitate mobile check-in, and/or to provide relevant location-based information. MCR may also share this information with third parties, including franchisors, managers, or owners. The device’s settings are used when accessing any geo-location data. To the extent any geo-location data is combined with personal information, that information will be treated as personal information in accordance with this Statement.
MCR may make available from time to time a virtual concierge application, which may be pre-loaded on a MCR-owned device, or may be downloadable to a mobile device. Using these applications, guests may be able to order services from the hotel, such as room service or valet parking; access MCR’s sites; access third-party sites, including local attractions and social media; and book a reservation. To order services from the hotel, guests may need to enter name and room number, and may be able to receive order confirmations via text messaging. If text confirmation is requested, a phone number and carrier may be required. Booking reservations may require entry of a MCR’s confirmation number and security codes.
You may stop sharing your location data by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.
The Services may contain links to third party sites, applications and services, including franchisor sites, applications and services. Please note that MCR is not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties or the content of their sites, applications and services.
Other third-party sites, applications and services include the landing page of the high-speed Internet providers at MCR hotels, as well as social media and other sites (such as Facebook, Twitter, Instagram, TripAdvisor, etc.) on which MCR’s properties may have accounts or fan pages where users may be able to post information and materials. Logging-in or connecting with such sites may also provide MCR with information via that third party in accordance with their policies and privacy selections on their sites (e.g., locations, postings, connections, etc.).
Information provided to or on third-party sites is subject to the privacy statement and terms of service on those sites. MCR encourages users to read the privacy policies of sites, applications and services before submitting personal information.
Because the security of personal information is important, MCR enables the use of Secured Socket Layer (“SSL”) browser transmission of personal information. If a user’s browser is SSL enabled, transmission of personal information to MCR online through the browser can be encrypted. Users can verify whether their personal information is transmitted using SSL encryption by confirming the symbol of a closed lock or solid key on the bottom bar of their browser window. Users can also verify that transmission of personal information is encrypted using SSL encryption by making certain that the prefix for the web address listed for that page has changed from “http” to “https”. If the appropriate symbol and the “https” prefix is not visible, a user should not assume that the personal information that they are being asked to provide will be encrypted prior to transmission. The personal information collected from users online through the Services is stored by MCR and/or MCR service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and MCR is not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. MCR will also seek to require MCR’s affiliates and service providers with which MCR shares personal information to exercise reasonable efforts to maintain the confidentiality of personal information shared by MCR. For online transactions, MCR uses reasonable technology to protect personal information provided to MCR via the Services. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. Use of the Services and related applications and transmission of data is at the user’s own risk. Use caution in using electronic communications and media. Do not share passwords.
For privacy protection, MCR encourages users not to include sensitive personal information in any emails sent to MCR, and to not send payment card or account numbers or any sensitive personal information to MCR via email.
MCR will not contact users by mobile/text messaging or email to ask for confidential personal information or payment card or account details. MCR will only ask for confidential personal information or payment card or account details by telephone or website when users are booking a reservation or promotional package by telephone.
If you would like to review, correct, update, suppress, restrict or delete personal information that you have previously provided to us, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at firstname.lastname@example.org.
In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information removed from our database, or other limitations you would like to put on our use of your personal information. We may reject your request, as permitted by applicable law.
We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data, including account data, for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the personal information provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which we may keep, to the extent permitted by applicable laws. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.
MCR retains personal information for the period necessary to fulfill the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law.
If contact information (mail address, fax number, email address or phone number) is provided, MCR may send information regarding MCR’s products and services or invitations to events by email, telephone, mobile/text messaging (including SMS, MMS and EMS) or post.
Communications preferences may be changed by writing to MCR (and including email address) at email@example.com.
You may unsubscribe from receiving marketing communications from MCR. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as order confirmation emails or changes in our website or mobile app terms).
We may transfer your personal information to countries other than the country in which you initially provided the information for the purposes described in this Privacy Statement. For example, if you are located outside of the United States, we typically transfer your personal information to the United States, where MCR is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information.
We may transfer personal information from the European Economic Area (“EEA”) to countries that the European Commission has deemed to adequately safeguard personal information, in which case no additional safeguards are required in order to transfer this information. If we transfer your personal information to other countries, we will either transfer it subject to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules, or with your consent to the transfer, unless we are permitted by law to transfer personal information without such formalities.
Individual users who reside in California and have provided their personal information to MCR may request information about MCR’s disclosures of personal information to third parties for their direct marketing purposes and may also request that their personal information be corrected or deleted. Such requests must be submitted to MCR at firstname.lastname@example.org. Within thirty days of receiving such a request, MCR will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. MCR will, to the extent possible, provide the same level of service to users who exercise their rights under California law, but some personal information is required in order for MCR to provide services, such as fulfilling requests or keeping reservations. MCR reserves MCR’s right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
MCR may modify this Statement from time to time. When MCR makes material changes to this Statement, MCR will post a link to the revised Statement on the homepage of the Services. Users can tell when this Statement was last updated by looking at the link and at the date at the top of the Statement. Any changes to MCR’s Statement will become effective upon posting of the revised Statement on the site. Use of the Services following such changes constitutes acceptance of the revised Statement then in effect.
Questions about this Statement or how MCR processes personal information may be submitted to MCR by email at email@example.com or by postal mail to:
MCR Hotels Marketing Group
One World Trade Center, Floor 86
New York, New York 10007