Coast Hotels Limited, doing business as Coast Hotels, is a British Columbia corporation having its head offices at 700-535 Thurlow St., Vancouver, British Columbia Canada. Coast Hotels values you as a guest and recognizes the importance of ensuring that your privacy is protected. This Privacy Policy (“Policy”) describes the personal information that Coast Hotels and hotels and resorts managed, franchised, or operated by Coast Hotels and/or its affiliated companies (“Coast Hotels”, “we” or “us”) collects from or about you when you use websites that are owned or controlled by us (the “Sites”) or applications made available by us for use on or through mobile devices (“Apps”), communicate with us, make bookings or participate in our rewards program (collectively, our “Services”), how we use that information, and to whom we disclose it. This Policy should be read in conjunction with our Terms of Use.
Please read this Policy carefully and contact us if you have any questions. If you do not agree with this Policy, you should not access or use our Services.
Residents of the State of California and residents of the United Kingdom and the European Economic Area should also review (as applicable) the “Additional Information for California Consumers” and “Additional Information for EEA and UK Residents” set out at the end of this Policy. Your Privacy Rights Under the California Consumer Privacy Act include the Right to Opt-Out of Sale or Sharing of Personal Information. To exercise this right, visit your settings.
This Policy was last updated on January 19th, 2024. We may amend this Policy from time to time and, as such, you should review its terms each time that you visit our Sites or otherwise use our Services. Any changes to this Policy will be promptly communicated on this page but will not go into effect until at least five (5) days after they are posted.
Meaning Of “Personal Information”
“Personal information” as used in this Policy means information about an identified or identifiable individual or, in some jurisdictions, a household. An identifiable individual is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual. Personal information does not include general, statistical, anonymized, or aggregated information.
Accountability And Openness / Privacy Officer
Coast Hotels is responsible for personal information under our control, and we are accountable to you for its collection, use, and disclosure by us. We have established policies and procedures to safeguard any personal information that we have on file or that we collect and to deal with complaints and inquiries. We will only collect personal information as described in this Policy.
In this Policy, we have attempted to provide you with manageable, comprehensive, and easily understandable information regarding the policies and procedures that we use to manage your personal information. However, we recognize that different individuals require different levels of detail and invite you to contact us directly as set out below should you require further information.
Coast Hotels has designated a chief privacy officer (“Privacy Officer”) who is accountable for the protection of data containing personal information and for our compliance with this Policy generally, as well as for ensuring that information about our practices relating to the management of personal information is easily accessible and understood.
All questions or concerns regarding this Policy, our compliance with it, as well as any of our processes and procedures relating to the collection, use, and disclosure of your personal information, should be directed to the Privacy Officer in writing, and sent by email to privacy@coasthotels.com or by post to:
Chief Privacy Officer
Coast Hotels Ltd.
535 Thurlow Street,
Suite 700
Vancouver, BC V6E 3L2
Collection Of Information
WHAT INFORMATION IS COLLECTED AND HOW?
We collect personal information only to the extent that it is necessary for the purposes set out below (see: Purpose – Why We Collect, Use and Disclose Information). In most cases, we will collect personal information directly from you when you interact with us with respect to our hotels and resorts, events, or any other product or service that we offer. Interaction may be through our central reservation office, the front desk of one of our properties, or through our Sites or Apps. Occasionally, we may collect personal information from a third party based on your consent or as otherwise permitted by law. Personal information will always be collected using means that are transparent, fair, and lawful.
A. Direct Collection
Examples of personal information that we may collect, use and disclose include your name and email address, telephone number, and home address; passport numbers and other government-issued identification information; nationality and date of birth; car license and description; credit card details (type of card, credit card number, name on card, expiration date, and security code); Coast Hotels Rewards loyalty program details; employer or other relevant details, if you are an employee of a corporate account holder; preferred language; gender; guest stay information, including date of arrival and departure, special requests, and observations about your service preferences (including room preferences, facilities and other services used); information regarding your past stays at our properties; information that you provide regarding your marketing preferences; “guest type” information, such as transient, meeting/group, contract, corporate, tour or complimentary; and any other information that you may provide to us in conjunction with your use of our facilities and services. You must not provide us with any third party’s personal information unless you are authorized to disclose that information to us and to permit us to process that information in accordance with this Policy.
If you provide comments or other feedback to us, you agree that such comments or other feedback become the property of Coast Hotels, and we may use, disclose, and share them with our partners for any purpose provided that any such details are provided in anonymized form and that we do not associate them with your personally identifiable information without your express consent.
“Sensitive personal information” includes information regarding health, religious or philosophical beliefs, racial or ethnic origin, and sexual orientation. It also includes biometric data and genetic data. In some jurisdictions in which we operate, the term may cover other kinds of information; we address that in the jurisdiction-specific sections of this Policy, below. We endeavor to limit the circumstances under which we collect and process sensitive personal information and request that you do not disclose sensitive personal information when it is not necessary to do so. Examples of situations where we may collect and process sensitive personal information include those in which you have requested specific assistance from us, such as wheelchair-accessible facilities or meals that are compliant with religious or other dietary guidelines, or where you have chosen to provide such information to us, or it has been provided to us by a third party such as a travel agent through which you have made a booking, in order to accommodate your needs or preferences.
B. Information Collected From Third Parties
We may receive information about you from third parties including travel agents, online travel agencies, meetings/event planners, destination management companies, tour wholesalers, and tour operators. Generally, we receive this information because you have authorized these companies to make bookings or other travel or accommodation arrangements on your behalf. We use such information in the same way as we would use the information if we had received it directly from you.
C. Information Collected Through Automated Means
Users may visit the Sites without telling us who they are or revealing any information about themselves. However, like many organizations’ websites, our web server automatically logs certain information related to a user’s visit to the Site, including the Internet Protocol (IP) address of the user’s computer, the user’s Internet service provider (ISP), the type and version of the browser that the user is using, the date and time the user accessed the Site, the Internet address of the website from which the user linked directly to the Site, the operating system that the user is using, and the pages of the Site that the user has visited. Unless required or permitted by law, we will not attempt to link this information with the identity of individuals visiting our Sites without consent. We may, however, review server logs and traffic for system administration and security purposes, for example, to detect intrusions into our network, for planning and improving web services, and to monitor and compile statistics about website usage. The possibility therefore exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
We also use cookies, analytics, pixels, and other technologies in order to improve our service, and your user experience, and to analyze how the Sites are used to assist with our business and marketing. Information regarding these technologies, and the manner in which they are used to collect personal information, are described below.
Cookies: “Cookies” are small text files that are placed on your computer by websites that you visit. They are used to identify you to the web server and will tell the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you. A cookie cannot run any programs, deliver any viruses, or send back information about your system. There are different types of cookies: Session cookies expire when you close your browser. Persistent cookies remain on your device until they are deleted, or they expire.
We use cookies:
- to optimize your user experience and to facilitate browsing;
- to determine, facilitate, and authenticate your access privileges on our Sites;
- to complete and support a current activity, to track website usage;
- to implement security features;
- to remember your language and other preferences;
- to allow you to access your personal pages more efficiently, by storing log-in details and other information that you have previously provided;
- for advertising purposes, to offer you relevant targeted offers and other content that may be of interest to you;
- to identify third-party websites that may have redirected you to our Sites; and
- to generally improve your experience.
When you visit our Sites for the first time, a pop-up banner informs you of the use of cookies, seeks your express consent to their use, and provides a direct link to this information page. Although the banner will not normally appear on subsequent visits to our Sites, you may withdraw your consent to the use of cookies at any time by following the instructions below.
Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. The management of cookies varies for each browser, and you should consult the “Help” menu of your browser. Certain professional advertising platforms also provide users with the option to accept or block cookies used by their clients.
If you decline cookies, you may still be able to use the Sites, but your ability to access certain pages, features, and functions may be affected. To find out more about cookies, including how to see what cookies have been set and how to manage and remove them, please visit AboutCookies.org.
Google Analytics (Google LLC): Google Analytics 4 (GA4) is a web analysis service provided by Google LLC (“Google”). Google utilizes the data collected to track and examine the use of this website and to prepare reports on its activities and share them with other Google services such as AdWords for marketing and remarketing purposes. Google may use the data collected to contextualize and personalize the ads of its own advertising network. The following information, among others, may be collected: IP address, date, and time of the page view, click path, information about the browser you are using and the device you are using, pages visited, referrer URL (website from which you accessed Sites), location data, purchase activities. The IP address of your browser transmitted by Google Analytics is not linked to any other Google data. Google users may opt out here: https://tools.google.com/dlpage/gaoptout/
Google Signals (Google LLC): Google Signals, a feature of Google Analytics, associates the visitor information that it collects with Google information from accounts of signed-in Google account users who have consented to this association for the purpose of ad personalization. This Google information may include user location, search history, YouTube history, and data from sites that partner with Google. It is used to provide aggregated and anonymized insights into users’ cross-device behaviors. If a user falls under the described association, they may access and/or delete such data via the My Activity option provided by Google.
Google AdWords Enhanced Conversions (Google LLC): Enhanced Conversions is a Google AdWords conversion API that can improve the accuracy of conversion measurement by Coast Hotels sending hashed first-party conversion data to Google in a privacy-safe way. The feature uses a secure one-way hashing algorithm on your data, such as name and email/location addresses, before sending it to Google to be matched to a Google account.
Google Audience Targeting (Google LLC): Google Audience Targeting is a feature of Google AdWords that allows AdWords to target users who are similar to other users. One method of doing this is Customer Match data, where internal customer data is hashed and sent to Google to create a similar audience. This data is only used for audience building and is deleted once the audience is built. It is not shared with any other parties, Google services, or AdWords accounts.
Google Tag Manager (Google LLC): Google Tag Manager is a tag management service provided by Google LLC. This service helps Coast Hotels manage the tags or scripts needed on this website in a centralized fashion. This results in the users’ data flowing through these services, potentially resulting in the retention of that data. The tag manager itself does not use cookies or collect data.
Meta Pixel (Meta Platforms Inc.): Ads Conversion Tracking (Meta Pixel) is a piece of code provided by Meta Platforms Inc. that uses cookies, advertiser IDs, and device IDs to connect data from the Meta advertising network with actions performed on this website. The Meta Pixel tracks conversions that can be attributed to Meta Ads Manager ads on Meta properties such as Facebook, Instagram, Messenger, and Audience Network. On the basis of their explicit consent, if a user clicks on an advertisement placed on Facebook by Coast Hotels, the URL of our linked page will be appended by Facebook Pixel. After forwarding, this URL parameter is then written to the user’s browser via cookie, which our linked page sets itself. In addition, specific customer data such as the email address, which we collect on our Sites and which is linked to the Facebook ad for transactions such as purchases, account logins, or registrations, is recorded by this cookie (extended data comparison). The cookie is then read by the Facebook pixel and enables the data, including specific customer data, to be forwarded to Facebook.
Meta Pixel can optionally include the Automatic Advanced Matching service, which sends hashed personal data to Meta/Facebook to match to Facebook accounts to track conversions more accurately and to create larger custom audiences for advertising and remarketing. After uploading the data, the system checks which data is already known and assigns the users to a list. After the preparation of the Customer Match List, the encrypted customer data is automatically erased. Facebook does not obtain any new addresses in this process (encryption).
Meta Custom Audience (Meta Platforms Inc.): With the help of the Facebook pixel with extended data comparison, Facebook is able to precisely determine any visitors to a Coast Hotels online offer as a target group for the display of advertisements (so-called ‘Facebook Ads’). Accordingly, we use the Facebook pixel with extended data comparison in order to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products that are determined based on the websites visited), which we transmit to Facebook (so-called ‘Custom Audiences’).
With the help of the Facebook pixel with extended data comparison, we also want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. In this way, we can further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by understanding whether users were redirected to our website after clicking on a Facebook ad (so-called ‘Conversion’). Compared to the standard version of Facebook Pixel, the advanced data comparison feature helps us to better measure the effectiveness of our advertising campaigns by recording more attributed conversions. You can opt out of Meta’s ads personalization within the Facebook app under “Settings and Privacy”.
Microsoft Advertising (Microsoft Advertising): Coast Hotels implements Microsoft Advertising conversion tracking and remarketing features using UET (universal event tracking) through the Google Tag Manager. Microsoft Advertising uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings. Information stemming from Microsoft Ads is sent to Microsoft so advertising effectiveness can be tracked within Microsoft Ads and Google Analytics. You can opt out of personalized ads here: https://account.microsoft.com/privacy/ad-settings
Your browser or device may include “Do Not Track” functionality. “Do Not Track” is a concept that has been promoted by regulatory agencies such as the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. The World Wide Web Consortium (W3C) has been working with industry groups, Internet browsers, technology companies, and regulators to develop a standard for “Do Not Track” technology. No standard has been adopted to date. At this time, Coast Hotels does not respond to browser “Do Not Track” signals.
Consent
Consent for the collection, use, or disclosure of personal information may be express or implied, except in the case of sensitive personal information – in which case consent must be explicit. For consent to be meaningful, it must be informed, unambiguous, specific, and freely given. Consent will only be valid if it is reasonable to expect that the individual understands the nature, purpose, and consequences of the collection, use, or disclosure of the personal information to which they are consenting. Typically, where we rely on consent to process your personal information, we will seek your consent at the time of collection, and efforts will be made to ensure that you understand the purpose(s) for which the information will be used or disclosed. In certain circumstances, we might seek your consent regarding use or disclosure after the information has been collected, but before use, such as when Coast Hotels wishes to use personal information already in its possession for a purpose that was not previously identified.
Part of providing meaningful consent is understanding the risk of harm and other consequences of the disclosure of your personal information. While we endeavor to continually use best practices to minimize the risk of harm (See: Safeguards – How Information is Protected, below), technology is constantly evolving, and no safeguards can be guaranteed to be failsafe or to provide absolute protection against malfeasors. Significant harm that may result from the unauthorized use of the personal information that you disclose includes identity theft and credit card fraud.
Withdrawal Of Consent / Objection To Processing
You may always choose not to disclose personal information. Also, when we are using your personal information on the basis of your consent, you may withdraw or change your consent at any time. To withdraw or change your consent to our use of your personal information, please send your request in writing, along with details of the use of your information that you wish to change or withdraw your consent for, to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Please note that where our processing of your personal information is not based on your consent (but is based on another legal ground), then we may not be able to comply with your request. We will inform you of this in writing if this is the case.
When we are using your personal information on the basis of our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, you may raise your objections to us. To do so, please send details of your objection in writing to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
In some circumstances, particularly where our use of your information is integral to the provision of a product or service, your refusal to provide consent or a change or withdrawal of consent may affect your transactions and/or our ability to provide you with information, products, or services.
Purposes – Why We Collect, Use, And Disclose Information
We will not collect personal information that is not necessary and, except as specified below, will not use or disclose personal information for any purpose other than the purpose(s) for which it was collected without first notifying you or obtaining your consent, as applicable. The information that we collect is used and disclosed only for business purposes. These include:
- to operate and maintain our properties and the Sites, and to respond to your requests, questions, and concerns;
- to complete and manage your reservations, including confirmations, billings, and payment processing;
- to provide high-quality customer service, including through the establishment of customer profiles that help us to better address your individual needs;
- to assist you in planning meetings and events;
- to provide you with personalized content, and to maximize our ability to provide you with information and services that are useful and relevant to you, and which address your individual needs or requirements;
- to obtain feedback regarding our hotel and services, which may include inviting you by email to write a guest review after your stay. This allows us to continually improve the services that we offer;
- to enable your participation in our Coast Hotels Rewards loyalty program, and our administration of that program including: providing you with information about your account, allowing you to access benefits and rewards, and managing your choices regarding program activity;
- to support our advertising and marketing activities, which may include allowing you to participate in promotions and contests, and to provide you with information and promotional materials, and other marketing communications, regarding Coast Hotels, and our properties, products, and services;
- to verify that any information submitted by you is accurate and complete;
- to communicate with you for other reasons related to our business, and to create a record of your involvement with us;
- to assist in ensuring your lost and forgotten belongings can be returned to you if they are located;
- for legal purposes, which may include the handling and resolution of claims and legal disputes, or for regulatory investigations and compliance;
- to detect and prevent error, fraud, theft, and other illegal or unwanted activities;
- internal business purposes, including data analysis, to administer or improve our services, enhance the user experience, and improve the functionality and quality of our Sites and online travel services;
- to comply with any legal, accounting, and regulatory requirements, including reporting requirements;
- any other reasonable purpose for which you provide consent, or for which consent may be implied in accordance with this Policy and applicable law.
Where personal information that has been collected is to be used for a purpose not previously identified, we will notify you of the new purpose and, where necessary, obtain your consent, prior to the use of that information for the new purpose unless otherwise permitted by law.
Additional Information regarding “Anti-Spam” Compliance and Telemarketing
Coast Hotels complies with applicable “anti-spam” legislation and will only send you electronic communications as permitted by law. Note that you may always unsubscribe from our electronic communications by following the “unsubscribe” link clearly included in each communication, or by notifying the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
Coast Hotels does not participate in telemarketing. Additionally, we do not use automated telephone calls that deliver a recorded message. We do not share guest or Coast Hotels Rewards database information with third parties for the purpose of outbound telemarketing. Scams—be they by telephone or email, including phishing—are prevalent in our world today. Should you ever receive communication claiming to be from Coast Hotels, and you are unsure of its authenticity, please contact us directly by email at info@coasthotels.com or by telephone at 1.800.716.6199. You may also contact the Privacy Officer at the address set out above.
Disclosure To Third Parties
Except as specifically provided in this Policy or permitted by law, your personal information will not be shared with third parties unless we provide you with both prior notice and choice.
If, in the course of our supply of information, products, or services to you, or your participation in our rewards program, you request information, products, or services that will be provided by one of our franchisees, we will treat this as your instruction and authorization to share the necessary personal information with our franchisees to allow the franchisees to deliver the information, products, or services that you have requested to you. For instance, we may disclose your personal information to franchisees when you book through our central reservations line or the Sites.
We may also delegate our authority to collect, access, use, and disseminate your information to subcontractors for business purposes. Subcontractors to which we disclose your personal information may include payment processors, property management systems, booking engines, direct booking platforms, login authentication services, analytical support services, web hosts, customer relationship management systems, and parties that we engage to send out marketing materials. If we transfer any personal information to a third-party subcontractor, we will provide the subcontractors only with the information needed to perform the subcontracted service and will use appropriate contractual means to provide a comparable level of protection while the information is being used by them.
We have in place contracts with our subcontractors to make sure that they keep your personal information safe, secure, confidential, and in line with applicable laws. Details regarding the personal information that we make available to our subcontractors, and how it is used, are available by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Any request made by you to correct, change, or erase your personal information will be promptly communicated to any subcontractors in possession of that information (see Accuracy / Individual Access / Erasure).
Coast Hotels may collect, use, or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena or court order, or based upon our good faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena or court order, or enforce our rights or to protect our assets, the users of our websites, products or services, or the public.
We may transfer to another entity, or its affiliates or service providers, some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. In each such case, Coast Hotels and the other party(ies) to the transaction or proposed transaction will enter into a written agreement limiting the period and purposes for which your personal information may be used and disclosed.
Retention Of Personal Information
Subject to any legal or accounting requirements, unless we have obtained your prior consent, we will retain personal information only as long as necessary to fulfill the purposes for which it was collected and, in any event, in accordance with our records retention policy (as revised from time to time). Personal information that is no longer required will be destroyed, erased, or made anonymous, although copies of deleted information may continue to exist on backup media. In certain circumstances, you may request the erasure of your personal information, which we will endeavor to do without undue delay as required by applicable law. Written requests should be sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Any third-party subcontractors to which we disclose your personal information (see: Disclosure to Third Parties) must return or destroy the information when it is no longer required for the purpose of the subcontracted services.
Once personal information has been destroyed, erased, or anonymized, any rights regarding access to that information, erasure, rectification, and data portability cannot be enforced.
Safeguards – How Information Is Protected
We have implemented physical, organizational, contractual, and technological security measures to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use, or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive information. Staff permission to access personal information is role-based and is determined in accordance with the purpose for which the information has been disclosed (see Purpose – Why We Collect, Use and Disclose Information), and the staff member’s role in fulfilling that purpose. Our data systems use user IDs, passwords, and encryption technology. We store data in secure on-site property management systems and on remote servers hosted by reputable companies in Canada. Staff and contractors who have access to personal information are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. Any credit card information that you submit will not be stored on our servers but rather will be sent to a PCI Level 1-compliant payment processor for storage. When destroying personal information, we delete electronically stored personal information and shred any physical materials containing personal information. While we will endeavor to destroy all copies of personal information, you acknowledge that deleted information may continue to exist on backup media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal information may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Accordingly, we cannot guarantee that personal information will not be lost, or that it will not be altered, intercepted, or stored by an unauthorized third party.
Accuracy / Individual Access / Erasure
Personal information contained in our records, or which is disclosed to third parties for the purposes described above shall be as accurate, complete, and up to date as is necessary for the purposes for which it is used. You may request access to the personal information that we hold about you by submitting a written request to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Including “Request personal information” in the subject line of your email or letter will facilitate compliance with your request. We will inform you of your personal information held by us and provide an account of the use that has been made of the information, as well as identify any third parties to whom we have disclosed the information. In some instances, you may also be entitled to receive a copy of your personal information in a structured, commonly used, machine-readable format (or request that this be transferred to a third party where technically possible). In certain circumstances, Coast Hotels may not be able to provide you with access to all or some of your personal information, in which case you will be advised in writing of the reasons for our inability to provide you with the information.
You also have the right to request that we correct or rectify any information that we hold about you that is out of date or incorrect. If you demonstrate the inaccuracy or incompleteness of your personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data or if your personal information changes. All notices and requests regarding inaccuracies or changes should be in writing and sent to the Privacy Officer at the address set out above (see Accountability and Openness / Privacy Officer).
In certain circumstances, you have the right to require that we erase, limit, or cease processing your personal information. All notices and requests asking us to erase, limit, or stop processing your personal information should be in writing and sent to the Privacy Officer at the address set out above (see Accountability and Openness / Privacy Officer).
International Transfer And Storage Of Information
Coast Hotels is based in Canada but carries on business in multiple jurisdictions worldwide. Your personal information may be hosted, transmitted, transferred, processed, backed up, and/or stored outside of Canada, including in the United States. In addition, many of the third parties that we work with and certain of our subcontractors to which we disclose your personal information (see Disclosure to Third Parties) may process and store personal information at their facilities outside of Canada. We will use reasonable means to ensure that your information is protected, including written agreements with our third-party subcontractors, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada.
Links To Other Websites
The Sites may contain optional links to services and other third-party Internet sites that we believe may be of interest to you. These include links to sites belonging to our parent company, APA Hotels and Resorts; X (formerly known as Twitter); META Business Suite (i.e., Facebook and Instagram); Apple Store; Google Play, and Buyatab (Gift cards). If you click on these links, you will leave the Coast Hotels website, and these third parties may collect data from you or your electronic devices in connection with your visit to their websites. The accessing and use of third-party websites is at your own risk, and we cannot assume responsibility for the privacy practices, policies, or actions of the third parties who operate those websites. This Policy applies only to Coast Hotels websites, and we encourage you to review the privacy policies contained on each Internet site that you access.
Compliance
Inquiries, requests, and complaints regarding our compliance with this Policy should be directed to the Privacy Officer (see Accountability and Openness / Privacy Officer).
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual.
If you are entitled to data protection rights under European Union law or the law of the United Kingdom, or the laws of California, you are also entitled to lodge a complaint with the relevant supervisory authority that deals with data protection matters in your jurisdiction.
Additional Information For EEA And UK Residents
This section applies to residents of the European Economic Area and the United Kingdom and, for such persons, supersedes any divergent or conflicting information elsewhere in this Policy.
Legal Basis for the Use of Your Personal Information
Coast Hotels will only process your personal information where we have a legal basis to do so. The legal basis will depend upon the reason or reasons for which we collected and require the use of your information. The legal basis will generally be one or more of the following:
- The performance of the contract that we have with you, for example, for the purpose of making, managing, and completing reservations, creating customer accounts, processing payments, participating in our Coast Hotels Rewards loyalty program, the purchase of gift cards, returning lost or forgotten items, and providing our services to you.
- Our legitimate interests (or those of a third party) in conducting and managing our business to enable us to give you the best service and the best and most secure experience, such as providing you with the best appropriate content for the Sites, emails, newsletters, and rewards programs; to enhance customer experience; and to improve and promote our products and services and the content on our Sites. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting the Privacy Officer at the address set out above (see Accountability and Openness / Privacy Officer).
- To comply with legal obligations, for example, if we are required to keep records for health and safety or other regulatory purposes, or if we are required to disclose information to law enforcement or other public authorities.
- Where you have consented to our use of your personal information for particular purposes, such as direct marketing. Where we process personal information based on your consent, you may withdraw your consent at any time by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
Where we collect and use “sensitive personal information” as described above (see: Collection of Information), including genetic data and biometric data for the purpose of uniquely identifying a natural person, we need to have further justification for collecting, storing, and using this type of personal information. We have in place appropriate safeguards which we are required by law to maintain when processing such data. We process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest, such as for disability and accessibility.
- Where it is needed to protect the vital interests of individuals.
- Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
- Where you have already made the information manifestly public.
Automatic decision making
Coast Hotels does not make any decisions about you based solely on automated processing using your personal information including profiling information, where such decisions produce legal effects concerning you or similarly significant effects on you.
Children’s Privacy
We may process the personal information of children for the purposes set out above (see: Purpose – Why We Collect, Use and Disclose Information) if the information is provided by the child’s parent or legal guardian or with their authorization. We do not knowingly collect personal data directly from individuals under 16 years of age. If you are under the age of 16, please do not submit any information through our service.
Your Rights
You may exercise certain rights regarding your personal information, to the extent permitted by law:
- Withdraw consent at any time. You have the right to withdraw consent where you have previously given Coast Hotels your consent to the processing of your personal information.
- Object to processing of your personal information. You have the right to object to the processing of your personal information if the processing is carried out on a legal basis other than consent.
- Access to Information. You have the right to learn if your personal information is being processed by Coast Hotels, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the personal information undergoing processing.
- Verify and seek rectification. You have the right to verify the accuracy of your personal information and ask for it to be updated or corrected.
- Restrict the processing of your personal information. You have the right to restrict the processing of your personal information. In this case, Coast Hotels will not process your personal information for any purpose other than storing it.
- Have your personal information deleted or otherwise removed. You have the right to obtain the erasure of your personal information from Coast Hotels. This may impact our ability to provide Services to you.
- Receive your personal information and have it transferred to another controller. You have the right to receive your personal information in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
- Lodge a complaint. You have the right to bring a claim before a competent data protection authority in your jurisdiction.
- You are also entitled to learn about the legal basis for transfers of your personal information abroad, including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by Coast Hotels to safeguard your personal information.
International Transfer of Personal Information
When we transfer the personal information of individuals from the European Economic Area or the United Kingdom to a country or organization that is outside of the European Economic Area or the United Kingdom, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
You may make a request in writing if you would like further information on the specific mechanism used by us when we transfer personal information to countries or organizations that are outside of the European Economic Area or the United Kingdom by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
Additional Information For California Consumers
This section applies to consumers residing in the State of California, USA, in accordance with the California Consumer Privacy Act of 2018 (the “CCPA”), as amended, and its implementing regulations. For such persons, this information supersedes any divergent or conflicting information elsewhere in this Policy.
Coast Hotels does not sell personal information. Coast Hotels shares personal information with its franchisees and service providers as described above (see: Disclosures to Third Parties) and in this section, below. Note that the exchange of personal information with a service provider pursuant to a written contract that meets the requirements set by the CCPA does not constitute a sale or sharing of personal information.
Your Privacy Rights Under the California Consumer Privacy Act
THE RIGHT TO OPT-OUT OF SALE OR SHARING OF PERSONAL INFORMATION. TO EXERCISE THIS RIGHT, VISIT YOUR SETTINGS
THE RIGHT TO ACCESS PERSONAL INFORMATION; THE RIGHT TO KNOW AND TO PORTABILITY
You have the right to request that we disclose to you:
- The categories of personal information that we collect about you.
- The categories of sources from which the personal information was collected.
- The purposes for which we use your information.
- The categories of third parties to whom we disclose such information.
- The specific pieces of personal information we have collected about you.
You also have the right to know what personal information we sell or share, and to whom. In particular, you have the right to request two separate lists from us where we disclose:
- The categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared; and
- The categories of personal information that we disclosed about you for a business purpose, and the categories of persons to whom it was disclosed for a business purpose.
The disclosures described above will be limited to the personal information collected or used by Coast Hotels in the preceding 12-month period.
If we deliver our response electronically, the information enclosed will be “portable”, i.e., delivered in an easily usable format to enable you to transmit the information to another entity without hindrance provided that it is technically feasible to do so.
THE RIGHT TO REQUEST THE DELETION OF YOUR PERSONAL INFORMATION
You have the right to request that Coast Hotels delete any of your personal information under its control, subject to applicable legal exceptions. These include but are not limited to: where the information is used to identify and repair errors, to detect security incidents and protect against fraudulent or illegal activities, and to exercise certain rights.
If no legal exception applies, as a result of exercising your right, we will delete your personal information, and instruct any of our service providers and other third parties with whom we have shared your personal information to do so, provided that this is technically feasible and does not involve disproportionate effort.
THE RIGHT TO CORRECT INACCURATE PERSONAL INFORMATION
You have the right to request that Coast Hotels correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
THE RIGHT TO LIMIT THE USE OF YOUR SENSITIVE PERSONAL INFORMATION
You have the right to request that we limit our use or disclosure of your sensitive personal information to that use which is necessary to satisfy our obligations related to your use of our goods or services. However, there is no need for you to contact us to exercise this right as we already limit our processing of sensitive personal information in this way.
Please note that, for California consumers, the term “sensitive personal information” includes:
- Personal information that reveals: (A) a consumer’s social security, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; and (F) a consumer’s genetic data.
- (A) The processing of biometric information for the purpose of uniquely identifying a consumer; (B) personal information collected and analyzed concerning a consumer’s health; and (C) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
THE RIGHT TO BE FREE FROM RETALIATION FOLLOWING THE EXERCISE OF YOUR RIGHTS
Coast Hotels will not discriminate against you for exercising your rights under the CCPA. This means that we will not discriminate against you, including, but not limited to, by denying goods or services, charging you a different price, or providing a different level or quality of goods or services just because you exercised your consumer privacy rights.
However, if you refuse to provide your personal information to us or ask us to delete or stop selling your personal information, and that personal information or sale is necessary for us to provide you with goods or services, we may not be able to complete that transaction.
To the extent permitted by the law, we may offer you promotions, discounts, and other deals in exchange for collecting, keeping, or selling your personal information, provided that the financial incentive offered is reasonably related to the value of your personal information.
How To Exercise Your Rights
To exercise the rights described above, other than the right to opt-out of the selling or sharing of your personal information, submit your verifiable request to us by contacting the Privacy Officer using the contact information set out above (see Accountability and Openness / Privacy Officer). A verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Coast Hotels will not be able to comply with any request if we are unable to verify your identity and therefore confirm that the personal information in our possession actually relates to you.
Making a verifiable consumer request does not require you to create an account with us. Coast Hotels will use any personal information collected from you in connection with the verification of your request solely for the purposes of verification, and will not further disclose the personal information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf. And, if you are an adult, you can make a verifiable request on behalf of a child under your parental authority.
Our Personal Information Processing Practices
California consumers are entitled to the following information about our personal information processing practices:
The following table shows the categories of personal information we have collected within the scope of this privacy policy within the last 12 months. The descriptions and examples shown in the table are provided for insight into the definition of these categories; we do not necessarily collect the information shown in the “Category description/examples” column.
Category | Category description/examples | Collected |
---|---|---|
A. Identifiers. | Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Name, contact information, government-issued ID numbers, signature, physical characteristics, physical description, and financial information, employment history, financial account numbers, medical information, health insurance information, education, employment | Yes |
C. Protected classification characteristics under California or federal law. | Gender, age, medical conditions, primary language, national origin, citizenship, and marital status | Yes |
D. Commercial information. | Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Thumbprint data, face recognition data, retinal identification data | No |
F. Internet or other similar network activity. | Browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement. | Yes |
G. Geolocation data. | Data regarding a consumer’s location | Yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes |
I. Professional or employment-related information. | Employment affiliation, employment history, professional and personal references, educational history, professional certifications and associations, professional licensure information | Yes |
J. Non-public education information. | Educational history | No |
K. Inferences drawn from other personal information. | Purchase preferences, product preferences, demographic characteristics | Yes |
The following table shows the categories of sensitive personal information, as that term is defined under California law, that we have collected within the scope of this privacy policy within the last 12 months.
Category | Collected |
---|---|
A. Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number | Yes |
B. Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. | Yes |
C. Personal information that reveals a consumer’s precise geolocation | No |
D. Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership | Yes |
E. The contents of a consumer’s mail, email, and text messages except where we were the intended recipient of the communication | No |
F. Personal information that reveals a consumer’s genetic data | No |
G. Biometric information used to uniquely identify a consumer | No |
H. Personal information collected and analyzed concerning a consumer’s health | No |
I. Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. | No |
The following table lists the categories of personal information that we have shared with third parties for our business purposes in the past twelve months.
Category | Categories of recipients receiving for a business purpose | Categories of recipients receiving as a sale or for cross-contextual behavioral advertising |
---|---|---|
A. Identifiers. | Service providers | Behavioral advertisers, analytics providers |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Service providers | Behavioral advertisers, analytics providers |
C. Protected classification characteristics under California or federal law. | Not disclosed | Not disclosed |
D. Commercial information. | Service providers | Behavioral advertisers, analytics providers |
E. Biometric information. | Not disclosed | Not disclosed |
F. Internet or other similar network activity. | Service providers | Behavioral advertisers, analytics providers |
G. Geolocation data. | Service providers | Not disclosed |
H. Sensory data. | Service providers | Not disclosed |
I. Professional or employment-related information. | Not disclosed | Not disclosed |
J. Non-public education information. | Not disclosed | Not disclosed |
K. Inferences drawn from other personal information. | Service providers | Behavioral advertisers, analytics providers |
We do not knowingly sell or share the personal information of children under 16 years of age.
Shine the Light
California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Any inquiries regarding personal information sharing with third parties may be directed to our Chief Privacy Officer using the contact information above.
Additional Information Regarding Consumer Health Data For U.S. Consumers
Because some U.S. jurisdictions consider voice recordings to be consumer health data, we wish to make you aware that we collect and process such data as described in the table below:
Categories of individuals | Categories of personal information | Purposes | Methods of collection | Categories of third-party recipients |
---|---|---|---|---|
Individuals who elect to send us voice messages, such as voicemail | Contents of message | To consider and respond to the message | Directly from individual | None, except as described in Section 2, above. |
Please note that we do not share consumer health data with any affiliates.
Your Consumer Health Data Rights
Depending on the jurisdiction where you live, you may have certain rights with regard to your consumer health data. These include the right to withdraw your consent to processing, to request the deletion of your consumer health data, and to confirm whether we collect, share, or sell your consumer health data. To exercise these rights, you can contact us as set forth above. When you contact us, please identify yourself and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Only you may make a request related to your consumer health data. We will verify your identity before processing any request.
You may also have the right to appeal the action we take in response to your request and may do so using the contact information below. When you contact us to appeal, please tell us why you believe we did not properly respond to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law.
Published: January 19, 2024