Effective June 1, 2022
Click here to see a Summary of Changes.
More specifically, this Policy summarizes how GrandLife® handles the personal and other information users of the Site provide while accessing and using the Site, including while making a reservation. Users of the Site include members of the general public.
By accessing the Site, you are indicating your agreement to this Policy. Please review this Policy carefully. GrandLife® reserves the right to change this Policy at any time. In the event of material changes to this Policy, the Site will contain a notice and summary of the changes. Changes will be effective immediately upon posting to the Site. However, except to the extent we receive your authorization or as permitted or required by applicable law, we will handle your personal information in accordance with the terms of the Policy in effect at the time of the collection. If you have any questions or concerns about the Policy, please contact us by calling 212-965-3275 or as provided below.
Information Collected. As you are probably aware, we may collect information from a variety of sources to operate the Site, carry out our business, comply with law and other purposes described herein.
GrandLife® may compile statistical information concerning the usage of the Site. This information allows GrandLife® to monitor its utilization and continuously improve its quality. Examples of this information would include, but not be limited to, the number of visitors to the Site, or to sections or pages within the Site, patterns of traffic flowing through the Site, length of time spent on the Site, or in sections or pages of the Site, the other sites that refer visitors to the Site, the pages of the Site that visitors frequently use as entry and exit points, utilization of the browser and operating systems and versions used by visitors to the Site. In order to compile this information, GrandLife® may collect and store your IP address, your operating system version, your browser version, the pages you visit within the Site, the length of time you spend on pages within the Site, the site from which you linked to ours, search terms you used in search engines which resulted in you linking to the Site, etc. While all of this information can be associated with the IP address your computer had while you visited the Site, it will not be associated with you as an individual, or associated with any other information you may submit through the Site, or that our hotels may store about you for any other purposes.
We also collect personal information such as: your contact information; and information related to products and services you buy or receive from us, such as in connection with making reservations, participation in membership or loyalty programs, participation in contests, sweepstakes, surveys or marketing programs. This personal information can include data such as name; personal or work contact information; personal characteristics, such as gender, date of birth, title, and nationality; income; passport number and date and place of issue; travel history; payment information, such as your payment card number, authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; sensitive personal data relating to special accommodation requests; reviews and opinions; frequent flyer or similar membership program number and related information; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain about you. Similar information also may be collected about your family members or individuals with whom you are using our products and services. Additionally, we may collect employment history, and related information if you seek employment with us which might include your work history and salary information.
In addition, we collect other personal information in certain cases, such as email addresses, when you sign up to receive our electronic newsletter and/or other marketing and promotional materials. Your contact information and payment information is also collected when you use our reservation service.
We may, from time to time, collect information about third parties such as through your social media services consistent with your settings on such services, and from other third-party sources that are lawfully entitled to share your data with us. We use and share this information (and may add it to the other information we have on file for you) for the purposes described in this Policy.
Note that if you choose not to provide your personal information, we may be unable to provide the products, services, information, or assistance you are seeking.
If you would like more information about web tags and cookies associated with on-line advertising please visit the Network Advertising Initiative website http://www.networkadvertising.org (link is external) or http://www.allaboutcookies.org/ (link is external).
We may use analytics services, such as provided by Google Analytics, to help generate statistics about our Site’s traffic, sales, etc. for reports on our Site activity. The analytics services may transfer this information to third parties in case of a statutory obligation or if a third party processes data on behalf of that service. These analytics services will generate detailed statistics about a website’s traffic and traffic sources and measure conversions and sales. The information generated about your use of our Site, including your IP address, will be anonymized by use of the appropriate settings (“_anonymizelp()” function or equivalent). For more information on how anonymization works please see https://support.google.com/analytics/answer/2763052 (link is external).
Information of Children. The Site is not directed to children as the products and services on this Site are intended for persons 18 years of age and older. GrandLife® does not knowingly collect, use or disclose any personal information from children. If you are concerned about your child’s use of the Site, you may use web-filtering technology to supervise or limit access to the Site.
Personal Information Categories. We collect personal information in a variety of categories to carry out our business, operate the Site and comply with various state laws. This notice describes the categories of personal information we collect, or have collected, in the preceding 12 months and the purposes for which such personal information may be used.
|Personal Information Category||Sources of this Information|
|Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)||Your interactions with our Sites, such as making room reservations, or when you stay with us.|
|Characteristics of protected classifications under State or Federal law (e.g., your gender or age)||Your interactions with our Sites, such as making room reservations, or when you stay with us.|
|Commercial information (e.g., information regarding products or services purchased, obtained, or considered)||Your interactions with our Sites, such as making room reservations, or when you stay with us.|
|Internet or Other Electronic Network Activity Information (e.g., browsing history, search history, and information regarding your interactions with our Sites)||
Your interactions with our Sites.
|Geolocation Data||Your interactions with our Sites or when you stay with us.|
|Professional or Employment-Related Information||If you apply for a job with, or work for us or make a reservation with us for business purposes.|
|Inferences||Your interactions with our Sites, such as making room reservations, or when you stay with us.|
|Personal information (such as name, address, telephone number, education, employment history, credit card or debit card number)||Your interactions with our Sites, such as making room reservations, or when you stay with us; when you apply for a job with us.|
|Audio, electronic, visual or similar information||When you leave voices messages for us or stay with us, for example, security cameras and room key use.|
Grandlife may add to the categories of personal information it collects and the purposes for which it uses personal information. In that case, Grandlife will inform you by updating this Policy.
The above categories of personal information are collected for the following business or commercial purposes: to operate, manage, and maintain our business, to provide our products and services, for vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using personal information to: develop, improve, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.
The above categories of personal information are sometimes shared with: :(i) service providers we engage under contract to help us run our business, such as reservation service providers, marketing service providers and event planners and (ii) website analytics providers, such as Google Analytics.
In the preceding 12 months, we disclosed the following personal information to our service providers for our operational business purposes:
- Identifiers, such as name, nationality, passport, visa or other government-issued identification data, and online identifiers;
- Personal information, such as name, contact information, employment, employment history, and financial information;
- Characteristics of protected classifications under State or federal law, such as gender, age, medical conditions, primary language, national origin, citizenship, and marital status;
- Commercial information, such as transaction information, purchase history, financial details, payment methods, and membership or loyalty program data;
- Internet or network activity information, such as browsing history and interactions with our and other websites and computer systems;
- Geolocation data, such as device location and IP location;
- Audio, electronic, visual and similar information, such as images and audio, video or call recordings created in connection with our business activities;
- Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
Use of Information. In general, we will use the information we collect about you only for the purpose it was collected, for compatible purposes, as permitted or required by law, as necessary to carry out our contractual duties and obligations, and as otherwise provided in this Policy. For example, we may use your personal information to:
- Provide you with the products and/or services you have purchased or requested. This might include establishing an on-line profile, making a reservation, or making improvements in the design and administration of the Site.
- Market our products or services that we think may be of interest to you. For example, we may use your personal information to send you newsletters and promotions using any communications preferences you have expressed. We use your information to provide in-stay messaging, account alerts, and reservation confirmations; to send you marketing messages; and to conduct surveys, sweepstakes, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means. With your consent, we also use user-generated content (such as photos) from social media services to deliver display advertising or on our Site and apps.
Disclosure of Information. In general, we will not disclose your personal information except with your consent and as described in this Policy. We may disclose your personal information for the same reasons that we may use it as described in this Policy, which includes disclosing it to our affiliates and non-affiliated entities, as we deem necessary to carry out those purposes. For example, and without limitation, GrandLife® may need to use or disclose this information with its outside vendors to manage the Site; process payments and requests for products and services; provide you with products, services, or offers; coordinate your participation in our loyalty reward or similar programs; engage in marketing activities, such as sharing personal information with our partners to deliver advertisements to our customers; enhance our services by, among other methods, obtaining assistance with providing more personalized services to you through analytics and other technologies; and protecting GrandLife’s® interests and legal rights, such as through responding to subpoenas and defending litigation. We endeavor to choose affiliates and non-affiliates with similar standards to ours regarding the protection of personal information.
In no case will GrandLife® sell or license personal information to third parties, except as required or permitted by law. For example, we may sell, assign or share personal information in connection with certain business transactions, such as the acquisition of all or substantially all of GrandLife’s® assets. In such cases, we will take appropriate steps under the circumstances and to the extent possible to ensure that the recipient agrees to provide privacy protections substantially similar to those established by this Policy.
Do Not Track. “Do Not Track” is a privacy preference that you can set in your Internet search browser that sends a signal to a website that you do not want the website operator to track certain browsing information about you. However, because our Site is not configured to detect Do Not Track signals from a user’s computer, we are unable to respond to Do Not Track requests.
Safeguarding of Information. No system for safeguarding personal or other information is 100% secure. However, we take a number of steps to safeguard the security of personal information obtained through the Site. For example, we use Secure Socket Layer (SSL) data encryption when data is transmitted over the Internet to our Site. We have installed layered firewalls and other security technologies to help prevent unauthorized access to our systems. Our data centers are maintained in a secure environment with appropriate security measures. Our employees are trained to understand the importance of confidentiality and are required to adhere to our privacy policies and procedures. Employees who violate these policies and procedures are subject to disciplinary action. We employ numerous practices to protect against the disclosure of information for purposes unrelated to the performance of our business functions or to individuals other than those who must use it in the course of their work activities. These practices include the use of password protection of computer files, e-mail and voice-mail, video surveillance, and other physical, electronic, and procedural safeguards.
Your Rights in Relation to Your Personal Information. At any time, you have the right:
- to be informed about the processing of your personal information (i.e., for what purposes, to what recipients it is disclosed, storage periods, any third-party sources from it was obtained and confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance, and envisaged consequences);
- to request access to or a copy of your personal information;
- to request inaccuracies relating to your personal information be corrected;
- to request the erasure of your personal information. Please see “Right to Request Deletion” section below for more details;
- to restrict and/or object to the processing of your personal information;
- to withdraw consent to our processing of your personal information (to the extent such processing is based on previously obtained consent);
- to opt out of the processing of your personal information for the purposes of (i) targeted advertising, (ii) the sale and/or sharing of your personal information, or (iii) profiling in the furtherance of decisions that produce legal or similar significant effects.
- to data portability (moving some of your personal data elsewhere) in certain circumstances;
- to not be subjected to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal information;
- to lodge a complaint with the Supervisory Authority in your jurisdiction;
- to request and receive disclosure of our personal information collection practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, the categories of third parties with whom we share such information, and the specific prices of personal information we have collected about you;
- to request and receive disclosure of our information sale practices during the prior 12 months, including a list of the categories of our personal information that we disclosed for a business purpose and the categories of third-party recipients;
- to request information regarding the disclosure of your personal information by GrandLife® to third parties for the third parties’ direct marketing purposes. Requests may be made one time per calendar year. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities). You may submit your request using the contact information at the end of this Policy; and
- if you are under the age of 18, and a registered user of any site where this Policy is posted, State law permits you to request and obtain removal of content or information you have publicly posted. You may submit your request using the contact information at the end of this Policy. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Right to Request Deletion. You have the right to request that we delete your personal information from our records and direct any service providers to delete your personal information from their records, subject to certain exceptions. Upon receipt of a verifiable consumer request, we will delete and direct any service providers to delete your personal information from its records. However, we are not required to comply with your request to delete your personal information if it is necessary for us (or its service providers) to maintain your personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
- to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
- comply with a legal obligation; or
- otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Upon receipt of a verifiable consumer request, we will provide a response to your request for information.
PLEASE NOTE: We do not sell or share your Personal Information or Sensitive Personal Information to third parties who are not under contract with us to support our business.
If you wish to exercise any of the rights detailed above, please contact us at DPO@grandlifehotels.com or by phone at (212) 965-3275. Also, if you wish to unsubscribe from any of our newsletters or other communications for which you have registered, you may email us at DPO@grandlifehotels.com.
Manage Your Personal Information. To submit any of the Consumer Rights requests as outlined above, please contact us using this form or by calling toll-free: 1-800-218-9316. We will respond to your request consistent with applicable law.
We reserve the right to only respond to verifiable consumer requests. A verifiable consumer request is one made by any individual who is:
- the consumer who is the subject of the request,
- a consumer on behalf of the consumer’s minor child, or
- by a natural person or person registered with the Secretary of State authorized to act on behalf of a consumer.
If Grandlife requests, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of a Consumer. Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. Personal information collected from an individual to determine whether a request is a verifiable consumer request may not be used for any other purpose. We will endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt, but we may require up to ninety (90) days to respond, under which circumstances we will notify you of the need for an extension.
Right to Appeal. Under applicable law, if Grandlife decides it will not act on a request made by you under the provisions of this Policy, you may appeal the decision by contacting the DPO in writing via mail or email at:
Data Privacy Officer
Hartz Hotel Services, Inc.
500 Plaza Drive, 6th floor
Secaucus, NJ 07094
Grandlife will inform you of its decision within 45 days of receiving your appeal. You may also contact the office of your State Attorney General if you have concerns about the results of your appeal.
European Economic Area Residents
If you are a resident of the European Economic Area, please read the following:
We make every attempt to process your personal information in accordance with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive. In addition to the information provided above, residents of the European Economic Area should be aware of the following:
As a resident of the EEA, you may have certain additional rights, subject to limitations regarding the processing of your personal information. These may include the right to consent (opt-in) to the processing of your personal information.
We retain your personal information only for the period of time needed to fulfill the purposes stated in this Policy. These rights may not apply to individuals residing outside of the EEA.
Nondiscrimination. We will not discriminate against you for exercising any of your rights. For example, we generally will not provide you a different level or quality of goods or services if you exercise your rights under this Policy.
Applicable Law. This Policy is governed by the internal substantive laws of State of New York, without regard to its conflict of laws principles. Any claims arising under or out of this Policy shall be filed only in the United States District Court for the District of New York or, if there is no federal jurisdiction over the action, in the courts of the State of New York located in Kings County, New York. If any provision of this Policy is found to be invalid by a court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this Policy, which shall remain in full force and effect.
If you have any questions regarding this Policy or our policies in the event of a compromise of your information, you may contact us at:
Data Privacy Officer
Hartz Hotel Services, Inc.
500 Plaza Drive, 6th floor
Secaucus, NJ 07094
GrandLife® is a co-marketing brand for the Soho Grand Hotel and The Roxy Hotel. GrandLife® is a registered trademark of Hartz Hotel Services, Inc., the management company for Soho Grand Hotel, Inc. and Tribeca Grand Hotel, Inc. (dba The Roxy Hotel).
The European Economic Area includes the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom and Iceland, Liechtenstein and Norway.