Skip to content
PRIVACY POLICY

Effective as of August 14, 2021

Last updated February 6, 2024

Introduction

Fairmont Heritage Place Ghirardelli Square (“Fairmont Heritage Place,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access this website (collectively, “Site”) and any of our online and, where required, offline services (collectively, “Services”).

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Scope and Relationship with Accor SA
  2. Personal Data We Collect
  3. How We Use Your Personal Data
  4. How We Share Your Personal Data
  5. International Data Transfers
  6. Universal Opt-Out Mechanisms
  7. Security
  8. Third-Party Links
  9. Children’s Privacy
  10. Your State Privacy Rights and Additional Disclosures
  11. Notice to California Residents
  12. Your Personal Data and Your Rights – Europe and the United Kingdom Only
  13. Accessibility
  14. How to Contact Us

 

1. Scope and Relationship with Accor SA

This Privacy Policy governs the handling of personal data by Fairmont Heritage Place while carrying on commercial business and activities. Most Accor branded hotels are operated under a franchise or management agreement between the hotel’s owner and Accor SA (or one of its subsidiaries across the world).

When staying in one of these hotels, your personal data will be processed by the hotel and by Accor SA, both acting as data controllers for their own, separate, purposes.

Accor SA will process your data because it manages a central booking engine, which allows Accor SA to collect the data necessary to organize your stay in hotels under an Accor brand and to communicate this data to the concerned hotels. Accor SA also manages a global database of clients who stay in hotels under an Accor brand and Accor SA also manages the ALL loyalty programs. To know more about data processing activities under Accor SA’s control, please see the Accor Personal Data Protection Charter.

Fairmont will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to perform marketing activities and to comply with its legal obligations.

2. Personal Data We Collect

We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:

Personal Data You Provide

Depending on how you interact with our Site and Services, we will collect the following personal data that you voluntarily provide to us for the following purposes:

  • Reservations. To book a hotel reservation you will provide us with your name, phone number, email address, physical address, and financial information. We also may collect other information such as your job title, employer name, hotel stay preferences, and number of children.
  • Contact Us. If you contact us, you will provide us with your name, email address, and you may provide us with your phone number, country, and any information you choose to provide in your message.

Personal Data as You Navigate Our Site

We automatically collect certain personal data through your use of our Site and our use of cookies and other tracking technologies, such as the following:

  • Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

To learn more about how we use cookies and to manage your cookie settings, please see our .

Personal Data We Collect About You from Other Sources

In some cases, we may receive personal data about you from other sources. This includes Accor and its business affiliates and subsidiaries and from advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and data brokers.

3. How We Use Your Personal Data

In addition to the purposes stated above, we may use all the personal data we collect in accordance with applicable law such as to:

  • Maintain and improve our Site and Services;
  • Protect the security and integrity of our Site and Services;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use, and to otherwise fulfill our legal obligations;
  • Monitor compliance with and enforce this Privacy Policy and any applicable agreements and policies;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it;
  • For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you; and
  • Comply with applicable law.
4. How We Share Your Personal Data

We may share the personal data that we collect about you in the following ways:

  • With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
  • With any other person or entity where you consent to the disclosure; and
  • For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.
5. International Data Transfers

We operate internationally and transfer information to the United States for the purposes described in this policy. The United States may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. Your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States.

For any transfers of Personal Data from the European Economic Area (EEA), Switzerland or the United Kingdom that we make to other entities as described in this Privacy Policy, we use appropriate safeguards to ensure for the lawful processing and transfer of the Personal Data, including, when appropriate, the use of standard contractual clauses approved by the European Commission. To obtain a copy of the safeguards, contact us at ghirardellisquare@fairmont.com.

6. Universal Opt-Out Mechanisms

We do not engage in “sales,” or “shares,” or “targeted advertising” as those terms are defined under applicable laws and therefore our Site does not recognize the Global Privacy Control (“GPC”) signal. For more information and to download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

7.  Security

We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

8. Third-Party Links

The Site may contain links that will let you leave the Site and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.

9. Children’s Privacy

The Site and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal data from children under 13.

10. Your State Privacy Rights and Additional Disclosures

Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Notice to California Residents” section below. For other state residents, your privacy rights may include (if applicable):

  • The right to confirm whether or not we are processing your personal data and to access such personal data;
  • The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
  • The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
  • The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
  • The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
  • If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and
  • The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

We do not engage in targeted advertising or sharing of personal data, and we do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request through our interactive webform available here or by calling us at 415-268-9900. If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision through our interactive webform available here or by calling us at 415-268-9900.

11. Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

Notice at Collection of Personal Information

We currently collect and, in the 12 months prior to the Effective Date of this Privacy Policy, have collected the following categories of Personal Information:

  • Identifiers (name, alias, postal address, online identifier, Internet Protocol address, email address)
  • Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
  • Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (signature, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information as well as the categories listed in “Identifiers” category above)
  • Characteristics of protected classifications under California or federal law (race, color, sex/gender, age (40 and older))
  • Commercial information (records of personal property, products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies; or other commercial information)
  • Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information
  • Professional or employment-related information (including employment history)
  • Education information
  • Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

We collect Personal Information directly from California residents, from Accor and its business affiliates and subsidiaries, and from advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and data brokers. We do not collect all categories of Personal Information from each source.

In addition to the purposes stated above in the section “How We Use Your Personal Data” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:

  • Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
  • Debugging to identify and repair errors that impair existing intended functionality
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services
  • Undertaking internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of a service or device, and to improve, upgrade, or enhance the service
  • Advancing our commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Sale, Sharing, and Disclosure of Personal Information

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed Personal Information.

Category of Personal InformationCategories of Recipients
Identifiers (name, postal address, online identifier, Internet Protocol address, email address)Online booking providers; payment processors
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (telephone number)Online booking providers
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (bank account number, credit card number, debit card number, or any other financial information)Payment processors
Commercial information (records of products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies; or other commercial information)Online booking providers

 

We disclosed Personal Information for the following business or commercial purposes:

  • Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services
  • Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service

We have not sold or shared Personal Information in the twelve (12) months preceding the Last Updated date of this Privacy Policy. We do not knowingly collect, sell, or share the Personal Information of consumers under 16 years of age. We do not use Sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations.

Retention of Personal Information

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

Your Rights

If you are a California resident, you have the following rights with respect to your Personal Information:

  • The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
  • The right to delete Personal Information that we collected from you, subject to certain exceptions;
  • The right to correct inaccurate Personal Information that we maintain about you;
  • If we sell or share Personal Information, the right to opt out of the sale or sharing;
  • If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  • The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or correct by ghirardellisquare@fairmont.com or by calling us toll free at 1-415-268-9900.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Shine the Light Law

We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

12. Your Personal Data and Your Rights – Europe and the United Kingdom Only

If you are in a country in the European Economic Area (EEA) or in the United Kingdom, you are entitled to the following explanation of the legal bases we rely on to process your Personal Data and a description of your privacy rights.

Legal Bases for Processing Your Personal Data

The legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

Consent

We may process your Personal Data based on your consent such as when you create an account or when you ask us to send certain kinds of marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

Our Legitimate Interests

We may process your Personal Data if doing so is necessary for our legitimate interests and your rights as an individual do not override those legitimate interests. For example, when we process your Personal Data to carry out fraud prevention activities and activities to increase network and information security, to market directly to you, to expand our business activities and to improve our services and the content and functionality of our Site.

To Perform a Contract

We may process your Personal Data to administer and fulfill contractual obligations to you.

To Enable Us to Comply with a Legal Obligation

We may process your Personal Data to comply with legal obligations to which we are subject. This may include any requirement to produce audited accounts and to comply with legal process.

Necessary for the Exercise or Defense of Legal Claims

If you bring a claim against us or we bring a claim against you, we may process your Personal Data in relation to that claim.

If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data for any specific processing activity, please contact us using the “How to Contact Us” section below.

Your Rights

Access Your Personal Data

You have the right to obtain from us confirmation as to whether or not we are processing Personal Data about you and, if so, the right to be provided with the information contained in this Privacy Policy. You also have the right to receive a copy of the Personal Data undergoing processing.

Rectify Your Personal Data

You have the right to ask us to rectify any inaccurate Personal Data about you and to have incomplete Personal Data completed.

Restrict Our Use of Your Personal Data

You have the right to ask us to place a restriction on our use of your Personal Data if one of the following applies to you:

  • You contest the accuracy of the information that we hold about you, while we verify its accuracy;
  • We have used your information unlawfully, but you request us to restrict its use instead of erasing it;
  • We no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or
  • You have objected to us using your information, while we check whether our legitimate grounds override your right to object.

Object to Our Use of Your Personal Data

You have the right to object to our use of your Personal Data where our reason for using it is based on our legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to you under a contract with us).

Delete Your Personal Data

You can ask us to delete your Personal Data if:

  • We no longer need it for the purposes for which we collected it;
  • We have been using it with no valid legal basis;
  • We are obligated to erase it to comply with a legal obligation to which we are subject;
  • We need your consent to use the information and you withdraw consent;
  • You object to us processing your Personal Data where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.

However, this right is not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Long Is Your Personal Data Kept” section below.

If you do exercise a valid right to have your Personal Data deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).

Transfer Your Personal Data to Another Service Provider

You may request that we transfer some of the Personal Data you have provided to you or another service provider in electronic copy. This applies to Personal Data we are processing to service a contract with you and to Personal Data we are processing based on your consent.

To exercise any of these rights, please contact us as described in the “How to Contact Us” section below.

Make a Complaint

If you have any concerns or complaints regarding our processing of your Personal Data, please contact us as described in the “How to Contact Us” section below and we will do our best to answer any question and resolve any complaint to your satisfaction.

If, for whatever reason, you feel we do not meet the standards you expect of us, you are also entitled to make a complaint to your local supervisory authority:

EU Data Protection Authorities (DPAs)

Swiss Federal Data Protection and Information Commissioner (FDPIC)

Information Commissioner’s Office (United Kingdom)

How Long Is Your Personal Data Kept?

We will retain your Personal Data for as long as necessary to fulfill the purposes for which we collect it and as set out in this Privacy Policy and for the purpose of satisfying any legal, accounting, or reporting requirements that apply to us.

13.  Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

14.  How to Contact Us

To contact us for questions or concerns about our privacy policies or practices, please contact us at:

ghirardellisquare@fairmont.com

Fairmont Heritage Place Ghirardelli Square
900 North Point Street #D100
San Francisco, CA 94109