This policy will cover two types of information gathered at the Site, personal and aggregated. The term “personal information” refers to data you voluntarily provide while using the Site that identifies you and/or the company or group on whose behalf you are accessing and using the Site. Examples of personal information may include data collected in connection with our services, such as your name, e-mail address, phone number, company affiliation, physical address and/or certain other personal information. The term “aggregated data” refers to general information regarding Site visitors and users that relates specifically to the Site, e.g., traffic patterns, number of visits to certain pages, visits from other web sites or to third-party web sites linked to the Site, use of particular services and interest in services, information or features of the Site or other parties made available through or found at the Site.
Costa Kitchen & Bar seeks to ensure that the personal information we obtain from you is not used in a way that you may not be aware of or to which you may not be agreeable. You may wish to submit an information request about the Restaurant, participate in one of our promotions or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you when providing such information. In deciding whether or not to join such lists, please note that they are only used for Costa Kitchen & Bar purposes. We do not sell, rent or share any of your personal information with any other party, including third-party joint promoters, nor do we use it for commercial purposes, with the exception of the reservation interface and our e-mail notification program. You may request to be removed from our lists at any time. All emails distributed to our lists will contain easy, online access to unsubscribe.
PERMISSION FOR USE
WITHDRAWING CONSENT TO USE
USE OF AGGREGATED DATA
Costa Kitchen & Bar is interested in improving the Site and may develop and offer new features and services. We monitor aggregated data regarding use of the Site for marketing purposes and to study, improve and promote use of the Site. In connection with such purposes, Costa Kitchen & Bar may share aggregated data with third parties collectively and in an anonymous way. Disclosure of aggregated data does not reveal personal information about individual Site users in any way that identifies who they are or how to contact them.
(1) Costa Kitchen & Bar may monitor and, when we believe in good faith that disclosure is warranted, disclose information to protect the security, property, assets and/or rights of Costa Kitchen & Bar from unauthorized use, or misuse, of the Site or anything found at the Site.
(2) Costa Kitchen & Bar may, to the extent necessary, disclose information when required by law.
To enable features at the Site, Costa Kitchen & Bar may assign one or more “cookies” to your Internet browser. Cookies, among other things, speed navigation though our Site, keep track of information so that you do not have to re-enter it each time you visit our Site, and may provide you with customized content. A cookie is an Internet mechanism composed of a small text file containing a unique identification number that permits a web server to send small pieces of information or text by means of your browser and place them on your computer’s hard drive for storage. This text lets the web server know if you have previously visited the web page. Cookies by themselves cannot be used to find out the identity of any user.
CHILDREN’S PRIVACY & PARENTAL CONSENT
Please be aware that Costa Kitchen & Bar has designed this Site to be used for information only purposes by all ages; however, as with any Site parental consent is encouraged.
You must be at least 18 years old to submit personal information on our Site. Should Costa Kitchen & Bar inadvertently acquire personal information or any other data from users under the age of 18, Costa Kitchen & Bar will not knowingly provide this data to any third party for any purpose whatsoever, and any subsequent disclosure by the Costa Kitchen & Bar would be due to the fact the user under 18 used the Site and submitted personal information without solicitation by or permission from Costa Kitchen & Bar.
LINKS PROVIDED TO OTHER SITES
Costa Kitchen & Bar may provide links to a number of other web sites that we believe might offer you useful information and services. However, those sites may not follow the same privacy policies of Costa Kitchen & Bar. Therefore, we are not responsible for the privacy policies or the actions of third parties, including without limitation, any web site owners whose sites may be reached through this Site, nor can we control the activities of those web sites. We urge you to contact the relevant parties controlling these sites or to access their on-line policies for the relevant information about their data collection practices before submitting any personal information or other sensitive data.
WHAT INFORMATION IS SECURE? WHAT ISN’T?
E-mail communication to and from our site is not secure unless clearly noted otherwise. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail.
When working with our internal database created by online opt-in activity on the Costa Kitchen & Bar site, we employ industry standard encryption technologies to help protect consumer data.
POLICY MODIFICATIONS & CONTACTING THE GWEN HOTEL
Costa Kitchen & Bar
1111 E Cabrillo Blvd, Santa Barbara, CA 93103
Mail any Inquiries to:
Costa Kitchen & Bar
1111 E Cabrillo Blvd, Santa Barbara, CA 93103
PRIVACY STATEMENT UPDATE AS OF MAY 24, 2018
Merritt Hospitality, LLC, a Delaware limited liability company, doing business as HEI Hotels & Resorts (hereinafter “HEI”) and its affiliates, values you as our guest. HEI is a third party hotel manager that oversees the operations of its hotel properties on behalf its owners. We recognize and understand that privacy and protection of your information is important to you. We want you to be familiar with how we collect, use and disclose data.
This Privacy Statement describes below the privacy practices of HEI for data that we collect:
- When you access websites operated by us from which you are viewing this Privacy Statement, including www.heihotels.com and other websites owned or controlled by HEI on behalf of itself or its owners (collectively, the “Websites”)
- By way of accessing software applications made available by us for use on or through computers and mobile devices (the “Apps”)
- When you access our social media pages that we control on behalf of itself or its owners from which you are viewing this Privacy Statement (collectively, our “Social Media Pages”)
- Via HTML-formatted email messages that we send you that link to this Privacy Statement and through your communications with us.
- When you visit or stay as a guest at one of our properties.
Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.
Personal data applies to any data that can identify you as an individual or relate to an identifiable individual. At various points during your stay and experience with HEI, we collect Personal Data in accordance with law, such as:
- Postal address
- Telephone number
- Email address
- Credit and debit card number or other payment data
- Financial information in limited circumstances
- Language preference
- Date and place of birth
- Nationality, passport, visa or other government-issued identification data
- Important dates, such as birthdays, anniversaries and special occasions
- Membership or loyalty program data (including co-branded payment cards, travel partner program affiliations)
- Employer details
- Travel itinerary, tour group or activity data
- Prior guest stays or interactions, goods and services purchased, special service and amenity requests
- Geolocation information
- Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
In more limited circumstances, we also may collect:
- Data about family members and companions, such as names and ages of children
- Biometric data, such as digital images
- Images and video and audio data via: (a) security cameras located in public areas, such as hallways and lobbies, in our properties; and (b) body-worn cameras carried by our loss prevention officers and other security personnel
- Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.
How We Collect Personal Data
We collect Personal Data in a variety of ways:
- Online Services. We collect Personal Data when you make a reservation, purchase services from our Websites or Apps, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
- Property Visits and Offline Interactions. We collect Personal Data when you visit our properties or use on-property services and outlets, such as restaurants, concierge services, health clubs, child care services, and spas. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
- Customer Care Centers. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service.
- Owners and Franchisees. We collect Personal Data from Owners of HEI properties that we manage on their behalf.. Owners and Franchisees are independent from the HEI.
- Strategic Business Partners. We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our properties or that we believe will be of interest to you (“Strategic Business Partners”). Examples of Strategic Business Partners include on-property outlets, travel and tour partners, rental car providers and travel booking platforms. Strategic Business Partners are independent from HEI.
- Other Sources. We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties.
- Internet-Connected Devices. We collect Personal Data from internet-connected devices available in our properties. For example, a smart home assistant may be available for your use and to tailor your accommodations and experience.
- Physical & Mobile Location-Based Services We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, WiFi signals, or other technologies. We will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will continue to collect location data when you are in or near a participating property until you log off or close application (i.e., the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location “Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data include:
- Browser and device data
- App usage data
- Data collected through cookies, pixel tags and other technologies
- Demographic data and other data provided by you
- Aggregated data on capabilities for the Marriott Group App or other program.
How We Collect Other Data
We collect Other Data in multiple ways
- Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
- Your use of the Apps. We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.
- We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
- If you do not want data collected with cookies, you can learn more about controlling cookies at: http://www.allaboutcookies.org/manage-cookies/index.html .
- You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Tracking Preferences” located at the bottom of our home page. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs. At this time, we do not respond to browser “Do-Not-Track” signals.
- Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
- Adobe Flash technology (such as Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies. We collect data through Flash LSOs and other technologies on some Websites to, among other things, collect and store data about your use of the Online Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panelat http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. . You can also control Flash LSOs by going to the Global Storage Settings Panel at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html and following the instructions (which include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without you being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including those used with the Online Services. For more information, please refer to https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html .
- Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.
Use of Personal Data and Other Data
We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect HEI and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
We use Personal Data and Other Data for our legitimate business interests, including the following:
- Provide the Services you request. We use Personal Data and Other Data to provide Services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service
- To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person’s bill will be emailed to you, as well. You can opt out of receiving your bill via email and instead receive a paper copy by contacting the front desk
- We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
- Personalize the Services according to your Personal Preferences. We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our call center, visit one of our properties or use the Online Services, to:
- Customize your experience according to your Personal Preferences
- Present offers tailored to your Personal Preferences
- Communicate with you about goods and services according to your Personal Preferences. We use Personal Data and Other Data to:
- Send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research or quality assurance surveys
- Loyalty Programs. We use Personal Data and Other Data to:
- Offer and manage your participation in our global loyalty programs, as well as others that are specific to certain properties or tailored to your interests
- Send you offers, promotions and information about your account status and activities
- Assess your benefits
- Administer points earned through co-branded credit cards
- Manage your choices regarding how you wish to earn, track and use your points
- We will use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.
- Sweepstakes, activities, events and promotions. We use Personal Data and Other Data to allow you to participate in sweepstakes, contests and other promotions and to administer these activities. Some of these activities have additional rules and may contain additional information about how we use and disclose your Personal Data. We suggest that you read any such rules carefully.
- We use Personal Data and Other Data in this way with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.
- Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.
Disclosure of Personal Data and Other Data
Our goal is to provide you with the highest level of hospitality and, and to assist us with doing so do so, we share Personal Data and Other Data with the following:
- We disclose Personal Data and Other Data to other companies within HEI for the purposes described in this Privacy Statement, such as providing and personalizing the Services, communicating with you, facilitating the loyalty programs, and to accomplish our business purposes. HEI is the party responsible for the management of the jointly-used Personal Data on behalf of its owners. We share your Personal Data and Other Data used for making a reservation with the applicable property to fulfill and complete your reservation.
- Owners and Franchisors. We disclose Personal Data and Other Data to Owners and Franchisors of HEI for the purposes described in this Privacy Statement, such as providing and personalizing the Services and facilitating the loyalty programs.
- Strategic Business Partners. We disclose Personal Data and Other Data with select Strategic Business Partners who provide goods, services and offers that enhance your experience at our properties or that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages.
- Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.
- Corporate Reorganization. We may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the HEI’s business, assets or stock (including any bankruptcy or similar proceedings).
Other Uses and Disclosures
We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of HEI, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.
This Privacy Statement does not address, and we are not responsible for the privacy, data or other practices of any entities outside of HEI, including Franchisors, Owners, Strategic Business Partners or any third party operating any site or service to which the Services link, payment service, loyalty program, or website that is the landing page of the high-speed Internet providers at our properties. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.
In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Pages.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.
Choices, Access and Retention
You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.
If you no longer want to receive marketing-related emails, you may opt out by visiting our unsubscribe page by writing an email to firstname.lastname@example.org or by following the instructions in any such email you receive from us.
We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.
Special Notice for California Residents: Customers who reside in California and have provided their Personal Data to us can request, once per calendar year, information about our sharing of certain categories of Personal Data to third parties and within HEI for their direct marketing purposes. Such requests should be submitted to us at email@example.com or in writing at:
Merritt Hospitality, LLC
d/b/a HEI Hotels & Resort
101 Merritt 7
Norwalk, CT 06851
ATTN: Brad Koch, Chief Technology Officer
We will provide a list of the categories of Personal Data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
How You Can Access, Change or Suppress Your Personal Data
If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at firstname.lastname@example.org so or by mail:
Merritt Hospitality, LLC
d/b/a HEI Hotels & Resort
101 Merritt 7
Norwalk, CT 06851
ATTN: Brad Koch, Chief Technology Officer
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data. For your protection, we only fulfill requests for the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, etc.)
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
If you have any questions about this Privacy Statement, please contact us at email@example.com, or by mail:
Merritt Hospitality, LLC
d/b/a HEI Hotels & Resort
101 Merritt 7
Norwalk, CT 06851
ATTN: Brad Koch, Chief Technology Officer
Because your email communications to us may not always be secure, please do not include credit card or Sensitive Data in your emails to us.