ONLINE PRIVACY POLICY

The Marker San Francisco and/or any affiliated entities (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our website, job applicants, and independent contractors. This policy describes the personal information we collect, use, process, and disclose about individual consumers, applicants, and contractors who visit or interact with this website, visit any of our offices, facilities or locations, purchase or inquire about any of our products or services, contract with us to provide services, apply for a position of employment, or otherwise interact or do business with us.

Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact or do business with us, whether online or at any of our physical locations or facilities, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to wecare@crescenthotels.com.

Fee Transparency & 24-Hour Cancellation

Collection and Processing of Personal Information and Sensitive Personal Information

The table below lists the categories of personal information and data we collect and process about you based on your specific transactions and interactions with our website, including the personal information and data collected and processed in the last 12 months. Foreach category of information, the categories of third parties and service providers to whom we disclose and have disclosed the information and data in the last 12 months are referenced by a letter that coincides with the letter in the list of categories of service providers and third parties that follows soon after this table.
Category Examples Disclosed in Last 12 Months To Sold or Shared, Including in Last 12 Months, To Retention Period
Personal Identifiers Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, vehicle ID / license plate number, Company ID number, loyalty card number (if applicable). A, B, D, E, F, G, H, I, J, K, L, M, N, R Not Sold

Shared with E
Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.

If you are a job applicant and are hired by the Company, then name will be retained permanently, and the rest will be retained for duration of employment plus 6 years. If you are not hired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
Contact Information Home, postal or mailing address, email address, home phone number, cell phone number. A, B, D, E, F, G, H, I, J, K, L, M, N, R Not Sold

Shared with E
Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.

If you are a job applicant and are hired by the Company, this will be retained permanently. If you are nothired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
Account Information Username and password for Company accounts and systems (including where a job applicant or candidate must create an account to apply for a job), and any required security or access code, password, security questions, or credentials allowing access to your Company accounts. L, R Not Sold or Shared Username: permanent;

Password or security code: while in use + 2 year
Protected Classifications Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership, citizenship status, immigration status. A, D, K, R Not Sold or Shared Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.

This data is not collected from job applicants (unless required by law or government contract).
Commercial Transactional Data Information regarding products or services provided, purchasing history, reservation details such as location and dates of hotel stay, products/services utilized or purchased, event details (if applicable) and hotel rates.

A, B, C, E, F, G, H, N, M, R Not Sold

Shared with E
4 years after transaction, unless necessary to maintain for a longer period for product warranty, OSHA or other regulatory compliance
Biometric Data Fingerprints, retina scans, facial recognition, handprint. Not Disclosed other than to the vendor we engaged to process this data Not Sold or Shared While in use for identity verification, plus 1 year.

Not collected from job applicants.
Internet, Network and Computer Activity Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history. F, H, L Not Sold

Shared with E
3 years
Geolocation Data IP address and/or GPS location, latitude & longitude. L Not Sold

Shared with E
3 years
Mobile Device Data Information collected when you navigate, access or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider. B, E, F, H Not Sold

Shared with E
3 years
Financial Information For customers, credit card or other payment card account information.


Information on independent contractors contained in invoices billed to the Company and in records of payment made to you by the Company, or other financial account information.

Information contained in financial records provided by you for any accounting related services.
A, H, I, J Not Sold or Shared For payment card information, retained for transaction only and deleted after transaction processed.

Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Inferences Based on analysis of your activity on the website, we may develop inferences regarding an individual’s preferences and characteristics.

For job applicants, based on analysis of the personal information collected, we may develop inferences regarding job applicants’ predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of recruiting and hiring assessments and decisions.
B, E, F, H Not Sold

Shared with E
Job Applicants: Not Sold or Shared
Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.

Job Applicants: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
Online Portal and Mobile App Access and Usage Information Username and password, account history, usage history, file access logs, security clearance level, and any information submitted through the account. L Not Sold or Shared 3 years
Visual, Audio or Video Recordings Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises, at functions or events or that you share with us; audio recordings of calls and virtual meetings as disclosed to you at the time of the call; in pictures or video posted on social media to which the Company has access or that are submitted to the Company by a third party. L Not Sold or Shared Surveillance video – 60 days; the rest of this category is retained for duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Pre-Hire Information (Job Applicants Only) Information gathered on job applicants as part of background screening and reference checks, pre-hire drug test results, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you. I, J, K Not Sold or Shared If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
Employment and Education History

(Job Applicants Only)
Information contained in job applicants’ resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.

I, J, K Not Sold or Shared If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
Pre-Contract Information

(Independent Contractors Only)
For independent contractors, information you provided in your portfolio or proposal for services, information gathered as part of vendor evaluation and reference checks and other assessments of your qualifications to provide services to the Company, information in work product samples you provided, and voluntary disclosures you provided to Company. I, J Not Sold or Shared Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Professional History (Independent Contractors Only) For independent contractors, information regarding prior experience, positions held, and names of prior clients to which you provided services. Not Sold or Shared Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Education Information (Independent Contractors Only) For independent contractors, information regarding educational history and records of degrees and vocational certifications obtained. Not Sold or Shared Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Professional Related Information Information on independent contractors contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work. A, I, J, K, R Not Sold or Shared Duration of our relationship with you, or from date of our last interaction or transaction, plus 5 years, whichever is longer.
Facility & Systems Access Information Information identifying you, if you accessed our secure Company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method. L, R Not Sold or Shared 3 years
Medical and Health Information Information related to symptoms, exposure, contact tracing, diagnosis, testing, or vaccination for infectious diseases (e.g., COVID-19), pandemics, or other public health emergency; health information you share when booking certain hotel services. Not Sold or Shared 2 years

Job Applicants: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
ForCalifornia residents, of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:
For California residents, personal information does not include:

We may collect your personal information from the following sources:

We may disclose, sell,or share your personal information/data with the following categories of service providers, contractors, or third parties:

We may collect and process your personal information for the following business purposes:

We may disclose your personal information for any one or more of the business purposes identified above. 

We do NOT and will not sell or share your personal information in exchange for monetary consideration. However, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

We may sell or share your personal information for the following business purposes:
Other than these exceptions, we do not and will not disclose your personal information to any third party in exchange for monetary or other valuable consideration or share your personal information for cross-context behavioral advertising.

Notice of Right of California Residents to Opt-Out of the Selling and Sharing of Your Information

While we do not sell or share your personal information in exchange for money, we may sell or share your personal information for other valuable consideration. You have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following:

You can have an authorized agent submit a request to limit on your behalf. To submit a request to limit through use of an authorized agent you must provide that agent with written permission signed by you to submit an opt-out on your behalf. The authorized agent may call our toll-free privacy line at (833) 389-2388 to make the request to limit and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.  

A request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Opt-Out Preference Signals

Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) is a user-enabled opt-out preference signal which can communicate a user’s “Do Not Sell or Share” request on behalf of the person or device. We will process opt-out preferences from GPC signals which are in formats commonly used and recognized by businesses, such as anHTTP field header. We will treat a consumer’s use of GPCs as a valid request to opt-out of the selling and sharing of information for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs.

We do and will use or disclose your sensitive personal information for purposes other than the following:

Notice of Rights of California Residents to Limit the Use of Your Sensitive Personal Information

As provided by the California PrivacyRights Act, you have the right to limit our use or disclosure of your sensitive personalinformationto uses that are necessary to perform the services or provide the goodsreasonably expected by an average consumer who requests those services orgoods. You have the full and free rightto limit our use or disclosure ofyour sensitive personal information as defined by the California Privacy RightsAct. You may exercise your right to limit without fear of discrimination fordoing so. To limit the use or disclosure of your sensitive personalinformation, you can do any ofthe following:

You can have an authorized agent submit a request to limit on your behalf. To submit a request to limit through use of an authorized agent you must provide that agent with written permission signed by you to submit an opt-out on your behalf. The authorized agent may call our toll-free privacy line at (833) 389-2388 to make the request to limit and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention schedule as indicated above. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local record keeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include utilizing a third-party vendor application that allows for text/chatting with hotel guests or allows guests to purchase products and services and make reservations, administering e-mail services, and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies and Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent, until deleted, basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons:

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

External Links

Our website contain links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly sell or share the personal information of consumers under 16 years of age.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

International Visitors

We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States.

Rights Under the CCPA, CPRA, and VCDPA

This section of the Privacy Policy applies only to: (1)California residents who are natural persons; and (2) Virginia residents who are natural persons acting in an individual or household context. If you are aCalifornia resident, you have the following rights pursuant to the CaliforniaConsumer Privacy Act (CCPA) as amended by the California Privacy Rights Act(CPRA). If you are a Virginia resident acting in an individual our household context, you have the following rights under the Virginia Consumer DataProtection Act (VCDPA):

You can submit any of the above types of consumer requests through any of the 3 options below:

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUEST SUNDER THE VCDPA

For Virginia residents, under the VCDPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. To submit an appeal, you may call our privacy toll-free line at (833) 389-2388 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Virginia Attorney General to submit a complaint. (This appeal process does not apply to Virginia job applicants or independent contractors.)

How We Will Verify That it is Really You Submitting the Request

If you are a California resident, when you submit aRight to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request.Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.

If you are a Virginia resident, when you submit a Right to Know, Right to Access, Right to Delete, Right to Correct, or Right to Opt-Out through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.

Responding to Your Right to Know, Right to Access,Right to Delete, and Right to Correct Requests

For California residents, upon receiving a verifiable request, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For Virginia residents, we endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

For California residents, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For Virginia residents, we do not charge a fee for up to 2 requests annually, unless the requests are manifestly unfounded, excessive, or repetitive, in which case we may charge you a reasonable fee to cover the administrative costs of complying with the requests, or we may decline to act on the request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to a California Resident’s Request to Opt-Out of the Selling or Sharing of Personal Information

We will act upon a consumer request from a California resident to opt-out within fifteen (15) business days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same timeframe. We will notify you when this has been completed by mail or electronically, at your option.

A request to opt-out by a California resident need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to a Virginia Resident’s Request to Opt-Out of Targeted Advertising, Selling of Personal Data, and Profiling

We endeavor to respond to a verifiable request to opt-out within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

Responding to a California Resident’s Request to Limit the Use of Sensitive Personal Information

For California residents, we will act upon a verifiable request to limit the use of sensitive personal information within fifteen (15) business days of its receipt. We will notify all third parties that use or disclose sensitive personal information of your request to limit and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

For California residents, a request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have an Authorized Agent:

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. Todo so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify.When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Other California Privacy Rights

The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email to dataprivacy@hotelwebmaster.comor write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About the Policy

If you have any questions about this Privacy Policy, please contact us at dataprivacy@hotelwebmaster.com or call (833) 389-2388.

**This policy was last updated June 29, 2023.