One Lux Stay collects certain Personal Information about you to facilitate our relationship. We are committed to keeping your Personal Information secure. Providing Personal Information is optional; however, if you choose not to provide the requested Personal Information, you may not be able to use some or all of the features of the Sites or to complete other Services such as reservations, purchases, credit applications, or employment applications.
“Personal Information” is any information that identifies or is capable of being associated with a particular person. Personal Information may be stored electronically or in physical documents.
Personal Information includes, but is not limited to, data such as first name, last name, address(es), phone number(s), email address, credit card number, identification number (driver’s license, social security or national number, passport number), bank account/financial information, date of birth, marital status, social network ‘handle’, geolocation information, purchase information, gaming activity information, biometric information, preference information, survey answers/opinions, and other similar information. Personal Information may also include all or part of the information you provide when applying for a job position.
COLLECTION OF PERSONAL INFORMATION AND OTHER DATA
We may collect information in three different ways: (1) information you provide to us; (2) information we receive from third parties; and (3) information collected through various automated collection technologies.
Information You Provide. You may provide Personal Information under a wide range of circumstances, including, but not limited to, when you log into the Sites, submit information through the Sites, apply for credit, make a purchase, sign up for email notifications, start or make a reservation, enter a promotion, complete a survey, or respond to a job posting.
One Lux Stay may collect other Personal Information about you, such as information about your gaming and betting history and your transactions with us or with other third parties. Personal Information may be received through direct correspondence with One Lux Stay and our owned and operated companies within our group (email, mail, telephone, or other means).
If you visit one of our hotels, communities, venues, or restaurants, Personal Information may be received through use of one of our many services such as concierge, amenities, room service, etc., when you register for special events, make a purchase, or during security monitoring for your safety and detection of fraud, cheating or money laundering.
Information from Third Parties. We may collect information about you from various third parties.
Information Collected Through Automated Technologies. One Lux Stay and its service providers also use automated collection technologies to collect certain data as further described below. This information tells us about how people use the Sites so that we can analyze its effectiveness and provide you with a better web experience. We collect this information through a variety of technologies, including “cookies” and analysis applications, as discussed below.
(a) Server Log Files
Like most websites, the Sites gather certain information automatically and store it in log files. This information includes internet protocol (“IP”) addresses, browser type, operating system, internet service provider (“ISP”), referring/exit pages, date/time stamp of access, clickstream data, and information about the content you view on the Sites. When you visit the Sites, the servers automatically log your IP address, the time and duration of your visit, and the time and duration spent on the pages of the Sites which you view. If you arrive at the Sites by clicking a paid advertisement or a link in a communication, then the server will capture information that tracks your visit from that link. If you arrive at the Sites by clicking on a non-paid source, such as a search engine result or link on another website, the server captures information that tracks your visit from that source, to the extent available. The server also captures information from direct traffic.
The server log files are not analyzed with respect to individuals.
(b) Cookies and Other Visit Tracking Technologies
A cookie is a unique alphanumeric identifier that websites use to help identify the number of unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. If you prefer to disable cookies, you may do so through your web browser’s security settings. Please note that certain features of the Sites may not be available once cookies have been disabled.
We use two types of cookies: session and persistent cookies.
Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Sites. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Sites.
Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer.
Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs in connection with our Sites to, among other things, track the activities of Sites visitors, help us manage content, and compile statistics about Sites usage. You may view and change your preferences at any time by using the ‘Privacy Settings’ in your web browser. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Some of our email communications to you may contain links to content on the Sites. When you click one of these links, it passes information through the One Lux Stay web server before you arrive at the destination web page. One Lux Stay tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from One Lux Stay.
(c) Do Not Track Signals
Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in the cookies section (e.g., by disabling cookies). Please note that we do not collect, and we are not aware of third parties that collect, Personal Information from users of the Sites about users’ online activities on third party websites.
(d) Third-Party Analytics
USE OF PERSONAL INFORMATION
We and our service providers may use your information, including your Personal Information, for the following purposes:
- To present our Sites, Services, and related content to you, to communicate with you about your use of our Services and/or Sites, to contact you regarding your account status, changes to the account agreement, special discounts, promotions, products offered and other matters relevant to the Services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.
- To personalize marketing materials and promote our products and services, to provide you with products or services you have requested directly or through a third party that is approved by One Lux Stay, and to provide news and event information.
- To make a credit determination and then manage the account (if applicable).
- To manage our contractual relationship with you.
- To continue our ongoing efforts to expand your experience and make improvements to our Sites and Services, as well as hotels and other properties.
- To assist you when you contact our customer care center(s) for services such as information on hotel or restaurant reservations, transportation and traveling arrangements or other assistance as requested.
- To provide any legally required reporting to governmental or regulatory entities.
On other occasions where we ask you for consent, we will use the information for the purposes which we provide at that time. You have the right to withdraw your consent at any time; however, we may have other legal grounds for processing your information, including those identified above.
SHARING OF INFORMATION
We may share your Personal Information as follows:
- Service Providers. We may disclose Personal Information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as maintaining or servicing accounts, providing data storage and management, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing property management services, providing advertising or marketing services, or providing analytic services. We only provide our Service Providers with the information or access to information necessary for them to perform these services on our behalf. Each Service Provider must agree to use commercially reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized acquisition, access, use, or disclosure. Service Providers may only use the Personal Information to provide services to us and are prohibited from using Personal Information other than as authorized by us under this Policy.
- Business Transfers. If we are acquired by, or merged with, another entity, if substantially all of our assets are transferred to another entity, or as part of a bankruptcy proceeding, or if we are evaluating or in negotiations with respect to any such transaction, we may transfer, or make available, the Personal Information we have collected from you to the other entity or resulting legal entity.
- In Connection with Legal Process. We also may disclose the Personal Information we collect from you in order to comply with applicable laws or regulations, a government investigation, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
- To Protect Us and Others. We also may disclose the Personal Information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, suspected violations of this Policy, any applicable terms and conditions for Services provided through the Sites or at any hotel and community owned or operated by One Lux Stay, or as evidence in litigation in which we are involved.
- Aggregated and De-Identified Information. We may share aggregate or de-identified Personal Information about users with third parties and publicly for marketing, advertising, research, or similar purposes.
- Job Applications. If you apply for a job position, some of your Personal Information may be shared with third parties.
THIRD PARTY ADVERTISING AND LINKS TO THIRD PARTY WEBSITES
DATA RETENTION AND DISPOSAL
One Lux Stay keeps customer information for as long as is necessary for business purposes, or as legally required by appropriate state, federal and regulatory authorities. Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:
- How long we have a relationship with you and provide services or products to you.
- Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
- Whether you have consented to retention of your information for a longer period of time.
- Whether the personal information is sensitive.
When we no longer need to use or retain your Personal Information, both physical and electronic records are destroyed.
We use industry standard security safeguards to help protect Personal Information from unauthorized access, alteration, or disclosure. Despite these efforts, please understand that no system is perfect and we cannot guarantee that unauthorized access or theft of data will not occur, so you should exercise caution when transferring personal and other sensitive information over the Internet. Please advise us immediately at DataSecurity@oneluxstay.com of any incident involving the loss of or unauthorized access to or disclosure of Personal Information that is in our custody or control. One Lux Stay maintains Incident Response and Business Continuity Plans to address data incident situations.
You are responsible for keeping your account login credentials confidential. You should not share such login credentials with any other person as you are responsible for all activity on your account. Be sure to sign off when finished if you are using a shared device. You must immediately notify us if you are aware of or suspect any unauthorized use of your account. Please note that One Lux Stay will never ask for a password other than on the log-in page of an official One Lux Stay site. Links are available on these Sites to request assistance.
The Sites are not intended for use by or directed to any person under the age of 18. Any use of the Sites by persons under the age of 18 should only be under the direct supervision of that minor’s parent or legal guardian. We do not knowingly collect information from persons under the age of 18 through the Sites. If you believe we have received Personal Information belonging to someone under age 18, please email firstname.lastname@example.org and, after reasonable confirmation, we will delete the Personal Information of the minor.
We strongly support parental control of the internet. If you are a parent and want to prevent your children from using the Sites or the Services, then you may want to consult the filtering software companies, such as Net Nanny and Cybersitter. Net Nanny and Cybersitter are third party service providers that are not affiliated with us or any of our subsidiaries or affiliates and we have no responsibility for the services provided by such providers.
USER GENERATED CONTENT
ACCESS, CORRECTION, AND CHOICE
You have choices about the collection, use, and sharing of your Personal Information, including:
- Deletion: You can request that we erase or delete all or some of your Personal Information (for example, if it is no longer necessary to provide services to you).
- Change or Correct: You can review and edit your Personal Information by logging onto the Sites and visiting your account at any time.
- Object to or Restrict Use: You can request that we stop using some or all of your Personal Information or restrict our use of your Personal Information.
- Access: You can access the Personal Information you submit to our Sites via your account at any time.
- Copy: You can request a copy of your Personal Information.
- Portability: You can request your Personal Information in a machine-readable format (for example, CSV).
- Marketing: Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email.
- Withdrawing Consent: If we have collected or processed your Personal Information with your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information based on other lawful processing grounds.
If you request access, correction, amendment or deletion of your Personal Information and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to Personal Information will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by law or excessive requests. For your protection, we may need to verify your identity before fulfilling your request. Please note that we may need to retain certain information for recordkeeping purposes or to complete requests or transactions that occurred prior to your request. We will also retain your Personal Information if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, detect or prevent fraud and abuse, and enforce the Terms and Conditions of Use. We may also need to retain your Personal Information if required by gaming industry regulations, federal tax statutes and other legal requirements (e.g., information on our customers who self-report; tax reporting documents; player winnings, and any statistics, reports or listings that are required to protect our casino properties).
We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have provided to us, please contact us as set out below.
PROCESSING IN UNITED STATES; CROSS-BORDER TRANSFERS
We are located in the United States. Please be aware that, depending on your location, your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. If you are located outside of the United States, please be advised that we store all Personal Information in the United States. The laws in the United States may not be as protective of your privacy as those in your location. By using the Sites or Services, you agree that the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.
We may transfer your Personal Information to other countries in compliance with applicable laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those countries may have access to your Personal Information.
One Lux Stay certifies under the EU-US Privacy Shield, which provides a set of requirements governing the use and treatment of Personal Information received from the European Economic Area. Please see the information provided under the section “EU-US Privacy Shield” below.
You may address all communications to One Lux Stay LLC, Attn: Data Protection Office, 3222 Santa Monica Blvd, Santa Monica, California, 90204, or email to email@example.com. Please include your name, address and phone number or email in all communications and state clearly the nature of your request. If you wish to make a request to access the Personal Information we collect and store about you, please email us and request this.
EU/US PRIVACY SHIELD COMPLIANCE
We comply with the EU/US Privacy Shield framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of Personal Information from the European Economic Area and the United Kingdom. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the Federal Trade Commission.
Please include your name, address and phone number or email in all communications and state clearly the nature of your request or concern. If you wish to make a request to access the personal information we collect and store about you.
If we transfer your Personal Information to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-US Privacy Shield Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of data received pursuant to the EU-US Privacy Shield, we are potentially liable.
When required, we must disclose Personal Information to comply with lawful requests from government authorities including to meet national security and law enforcement requirements.
APPENDIX A – ADDITIONAL PROVISIONS APPLICABLE TO EUROPEAN ECONOMIC AREA DATA SUBJECTS
This Appendix outlines certain additional information that we must provide to persons in the European Economic Area as well as certain rights such residents have with respect to the processing of their Personal Information under the European Union’s General Data Protection Regulation (GDPR). For persons in the European Economic Area, the term Personal Information means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Legal Bases for Processing of Personal Information
We process the Personal Information collected for the purposes described in the sections entitled “Collection of Personal Information and Other Data,” “Use of Personal Information,” and “Sharing of Information” in our Policy. The legal bases for our processing activities include processing Personal Information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent. The particular legal basis for the processing of your Personal Information is based on the purpose for which such information was provided or collected.
We use Personal Information, such as name, address, email and credit card information, as necessary to perform Services, such as fulfilling ticket purchases or making reservations at properties owned or operated by One Lux Stay. In some instances, we are not able to provide our Services and products according to our contracts unless you provide us with certain necessary Personal Information. This collection and processing of the Personal Information is based on Article 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).
We may also process your Personal Information if we have received your consent, to respond to requests from you or to take actions in our legitimate interest, such as for marketing purposes or to otherwise inform you of our business operations, and to improve our products and services. Please note that if we rely on consent, you may withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing of your Personal Information prior to the withdrawal.
- Data Retention
See “Data Retention And Disposal” above for our retention policies.
- Data Subject Rights
Data subjects of the European Economic Area have the following rights:
- Access, Correction and Erasure Requests: You have the right to:
  - contact us to confirm whether we are processing your Personal Information;
  - receive certain information on how your Personal Information is processed;
  - obtain a copy of your Personal Information;
  - request that we update or correct your Personal Information; and
  - request that we delete Personal Information in certain circumstances.
- Right to Object to Processing: You have the right to request that we cease processing of your Personal Information based on our legitimate business interests, including profiling, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your Personal Information for the establishment, exercise, or defense of a legal claim. You also have the right to object, at any time, to processing of your Personal Information for direct marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to Restrict Processing: You have the right to request that we limit the processing of your Personal Information:
  - while we are evaluating or in the process of responding to a request by you to update or correct your Personal Information;
  - where such processing is unlawful and you do not want us to delete your data;
  - where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; and
  - where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
- Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your Personal Information in a commonly used, machine-readable format. Please note, however, that data portability rights apply only to Personal Information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
If you believe our processing of your Personal Information violates the GDPR, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged violation.
- Submitting Requests
European Economic Area data subjects can submit requests by emailing us. We will respond to all such requests within the timeframe required under the GDPR. Please note, however, that certain Personal Information may be exempt from such rights pursuant to the GDPR. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of Personal Information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to respond to the request or deny the request.