Privacy Policy

OUR PRIVACY COMMITMENT

Coastal Hospitality Associates (“Coastal Hospitality Associates”, “we”, “our”, or “us”) respects your privacy and strives to earn and keep your trust.

This Privacy Policy applies to information we collect from all sources, including without limitation in connection with our websites, mobile sites, applications, widgets, and electronic newsletters or communications (collectively the “Services”) that link to this Privacy Policy. We are responsible to ensure that the information you submit to us is used only in accordance with the terms of this Privacy Policy. This Privacy Policy applies to all personal data collected or submitted on the Service.

Privacy Policy

This Privacy Policy provides information on how we collect your personal data, what types of personal data we collect, how we use your personal data, with whom your personal data may be shared, how we protect and how long we store it, and what choices you have about how that information is used.

Coastal Hospitality Associates is the data controller of your personal data and is subject to the EU General Data Protection Regulation (the “GDPR”) with effect from 25 May 2018. Coastal Hospitality Associates is a data controller subject to the GDPR only insofar as we are offering goods or services to consumers in the EU or where our website may be used to monitor individuals’ behavior as far as it takes place in the EU. Except for the foregoing, this Privacy Policy is subject to U.S. laws, including all privacy regulations.

By using the Services, you will be provided the opportunity to expressly consent to our collection, use and disclosure of your personal data in the manner described in this Privacy Policy. If you do not provide us such express consent regarding your personal data being transferred or used as described in this Privacy Policy, you will not be able to utilize the full functionality of the Services or your account may be deactivated should such consent be a requisite for accessing the functionality or feature you request.

Any capitalized terms used but not defined herein shall have the meaning provided for such terms in our Terms of Use (“Terms”).

SECTION 1 – HOW WE COLLECT YOUR PERSONAL DATA

We collect information from you, and about you from third parties, in the following ways:

  1. Your submission of information when you communicate with us by telephone, email or via the Services or in connection with subscribing to alerts, newsletters, update notices or other communications from us;
  2. Your submission of information in connection with your creation of an Account, enrollment in the Services, creation of a profile on our Website, or entering into sweepstakes or contests sponsored by us, whether through an application, or otherwise;
  3. Information received from you, from various scripts, analytics tools, and other software on our website or in the Services, or which is generated as a result of your interaction and use of our website;
  4. Through cookies, web beacons, tracking technologies, and similar technologies, whether implemented by us or any third party. “Cookies” are small files that your Web browser places in your device’s memory;
  5. Information submitted by or obtainable from your internet service provider, software, computer, mobile device, or other method of accessing the Services (which you may be able to control through the settings of your software and devices);
  6. Information received from third parties, including without limitation information submitted by or available from any marketplace, store, social media network, or other service, website, or application that you use, which refers you to Coastal Hospitality Associates, or which contains or embeds any of the Services, Content, or User Content.

SECTION 2 – THE TYPES OF PERSONAL DATA WE COLLECT

The information we collect will vary based on your use of the Services and information, actions you elect to take, and based on such actions the information and data you elect to submit (for example, if you elect to create an Account certain information will be requested, some of which is required to create the Account and some of which is optional). Based on the foregoing, the information we collect may include:

  1. Personal identification information, including without limitation your name, email address, zip code, user name, and password;
  2. Device and connection information, including without limitation details regarding your IP address, browser, operating system, screen display;
  3. Usage information, including without limitation what parts of our Services you are using, the length of time using the Services or any portion thereof, your interactions with the Services, the frequency of your use of the Services or any portion thereof, photographs, videos, comments, or other data you may upload and any meta data contained therein;
  4. Location information, to the extent provided or available from your internet service provider, device, software, or User Data;
  5. Tracking information and related personal information, including without limitation browsing patterns, history, referral source, search terms leading you to the Services, to the extent obtainable using cookies, beacons, website analytic services, or similar technologies;
  6. Information we receive from any third party, affiliate, referral source, a separate user of the Services, marketplace, store, social media network, or other service, website, or application that you use, which refers you to Coastal Hospitality Associates, or which contains or embeds any of the Services;
  7. Information embedded in any User Content you submit, including any metadata, which may include without limitation identification information regarding the device which captured and/or edited such User Content, location information, personal information, technical information, or other information;
  8. Any information that you reveal in a public forum (such as a bulletin board or comments).

Coastal Hospitality Associates does not store any credit card information. Coastal Hospitality Associates uses a third party vendor which directly receives and stores personal credit card data, and manages credit card processing for subscriptions and transactions.

SECTION 3 – HOW WE USE YOUR PERSONAL DATA

Except as set forth herein, your personal data will not be knowingly provided by Coastal Hospitality Associates to third parties without your explicit permission.

Among other uses set forth in this policy, we may process your personal data we receive because it is necessary for the performance of a contract with you, including, once you accept our Terms, create an Account and authorize us to use your personal data, to:

  1. Provide the Services to you or send any information to you, including alerts, newsletters, or other materials you have requested;
  2. Enable you to access or use the Services, functionality, Content, User Content, Materials, or other portions thereof which you requested;
  3. Enable our interactive tools to function properly for you to be able to use the Services;
  4. Respond to your requests and send messages to you, notice to you, or otherwise communicate with you regarding your Account, the Services, and any customer service or technical support issue you raise;
  5. Disclose, use, and reproduce the comments and feedback you reveal in a public forum ion the Services in accordance with our Terms;
  6. Facilitate your experience through cookies which allow the Services to recognize you if you visit multiple pages during the same session, so that you don’t need to re-enter your information multiple times. Once you close your browser, session cookies expire and no longer have any effect.

We may also process your personal data because it is necessary for our or a third party’s legitimate interest. Our “legitimate interests” include our interests in offering and operating the Services in an efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements (including our legal obligations laid down in United States federal or state law and any regulatory duties we are subject to in the USA). In this respect, we may use your personal data to:

  1. Send periodic emails or other communications to you;
  2. Generate anonymized information aggregated with other users’ information, which does not allow you to be identified or contacted (“Aggregate Information”), to improve the Service and our offerings. For example, we might generate Aggregate Information regarding the number of users of our site and the activities they conduct while on our site. We might also generate Aggregate Information that “30 percent of our users live east of the Mississippi” or that “25 percent of our users have looked into surfing charts in Orange County.” Depending on the circumstances, we may or may not charge for this information;
  3. Present User Content or comments you upload on our website or otherwise incorporate such User Content into the Services for other users to access and view as you expressly permitted;
  4. Administer any surveys, promotions, rewards, or other programs run by Coastal Hospitality Associates or its vendors from time-to-time;
  5. Perform statistical analysis, customer evaluation, and other administrative or business analysis for our own internal purposes;
  6. Outsourcing selected back office functions to third party controllers for the purposes of efficient, fast and secure access to data, and the efficient management of our Services, but only if they meet the requirements of Section 6 below.

We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

  1. To meet our compliance and regulatory obligations, both in the US and the EU, including with respect to any EU Member State where we are providing our Services;
  2. To assist with investigations (including criminal investigations) carried out by the police and other competent authorities, where those authorities are acting in compliance with US and EU laws, including laws of any EU Member State where we are providing Services.

In addition, we may also process your personal data:

  1. To enforce any of our rights under the Terms, this Privacy Policy, any Service specific terms and conditions, or any other rights we may have;
  2. When we have your specific or, where necessary, explicit consent to do so.

SECTION 4 – WITH WHOM YOUR PERSONAL DATA MAY BE SHARED

We share your personal data with:

  1. You or any person with your Credentials;
  2. Coastal Hospitality Associates employees, in order to operate, optimize, improve, and/or further develop the Services;
  3. Third party processors who meet the requirements in Section 6, as necessary to submit and process payments, collect any amounts owed, or otherwise address any payment obligations or issues;
  4. Our third party processors who meet the requirements in Section 6, for the purposes of improving the Services or our business;
  5. Governmental authorities, regulatory bodies, law enforcement, or other authorized persons to the extent required by law or deemed by us to be necessary, appropriate, or in the best interests of Coastal Hospitality Associates or the public in connection with a request from the foregoing;
  6. To the extent you expressly authorize to do so, affiliated or unaffiliated third parties for marketing purposes;
  7. A third party, subject to a reasonable obligation of confidentiality, in connection with any merger, acquisition, asset sale, financing, or other capital transaction involving the sale of all, or substantially all, of our assets.

SECTION 5 – WHEN DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU

If your personal data is subject to GDPR, in the course of providing the Services to you, we may transfer your personal data outside of the European Economic Area (“EEA”), principally to Coastal Hospitality Associates’s servers in the United States; this means that your personal data will not have the automatic protection of European data protection laws (including the GDPR) which apply in the EEA. In these circumstances, in order to ensure that your personal data continues to have adequate protection when it is transferred outside the EEA, your personal data will only be transferred on one of the following bases:

  1. Where the transfer is subject to one or more of the appropriate safeguards for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission);
  2. a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
  3. there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details set out below.

SECTION 6 – OUR LIABILITY FOR ONWARD TRANSFERS

We require third-party controllers to whom we disclose your personal data to contractually agree to (i) only process such personal data for the limited and specified purposes consistent with the consent you provide; and (ii) provide the same level of protection to your personal data as required under this Privacy Policy; and (iii) notify us if the third-party controller makes a determination that it can no longer meet the foregoing obligations.

In addition, when we transfer your personal data to a third party processor acting as our agent, we will: (i) transfer such personal data only for the limited and specified purposes consistent with the request or consent you provide; (ii) contractually require the processor to provide at least the same level of privacy protection as is required by this Privacy Policy; (iii) require the processor to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the this Privacy Policy. Should we receive any such notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

We shall remain liable should our processors process personal data in a manner inconsistent with this Privacy Policy, unless we can prove we are not responsible for the event giving rise to the damage. We acknowledge our liability for such data transfers to third parties in violation of this Privacy Policy.

SECTION 7 – SECURITY

We use encryption and authentication tools to protect the security of personal information that you share with us. However, no data transmission over the internet (or, with respect to our mobile services, over cellular phone networks) can be guaranteed to be 100% secure. As a result, while we strive to protect personal data, we cannot and do not guarantee or warrant the security of any information you transmit to or from the Service, and you do so at your own risk.

Except as set forth herein, we restrict access to your personal information such that those Coastal Hospitality Associates employees, contractors, and agents who need to know such personal information in order to operate, develop or improve our Services or otherwise fulfill their obligations to us are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

SECTION 8 – HOW LONG IS YOUR PERSONAL DATA KEPT

We will retain your personal data for as long as your Account on the Services remains in good standing, and for as long as permitted or required for legal and regulatory purposes after your Account is terminated. Please note that Aggregate Information, which is not personal data, shall be retained indefinitely to improve the functionality of the Service.

SECTION 9 – YOUR PRIVACY CHOICES

You have the following rights in relation to our processing of your personal data. Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

  1. To obtain access to, and copies of, the personal data that we hold about you;
  2. To require us to correct the personal data we hold about you if it is incorrect. You are able to update certain personal data that you have provided to us when you opened your Account, by updating the “My Account” section on the web site;
  3. To require us to erase your personal data in certain circumstances;
  4. To require us to restrict our data processing activities in certain circumstances;
  5. To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
  6. To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  7. Where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal. You are able to change certain privacy choices by updating the “My Account” section on the web site.

If you are not satisfied with how we are processing your personal data, you can make a complaint to a data protection supervisory authority in the US or EU, as applicable, including the data protection regulator in the EU country where you are located.

If you do not agree with this Privacy Policy, please discontinue use of our Services. You also have the option of setting your browser to reject “cookies.” However, doing this will hinder performance and negatively impact your experience using the Services.

If you have signed up to receive our e-mails and prefer not to receive marketing information from this Service, follow the “unsubscribe” instructions provided on any marketing e-mail you receive from this Service. Any unsubscription or opt-out from our sharing of your personal information or communications in accordance with this Privacy Policy will be effective after we have received your request, verified your identity (if applicable), and had a reasonable time to implement your request.

California Residents — Your California Privacy Rights

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the business’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We require you to expressly opt-in to any disclosure of your personal data to third parties for the third parties’ direct marketing purposes which is stricter than required under California law.

SECTION 10 – COLLECTION OF INFORMATION BY THIRD-PARTY SITES, AD SERVERS, SPONSORS

Some of our Services contain links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as we have no control over information that is submitted to, or collected by, these third parties.

Coastal Hospitality Associates Services covered by this privacy statement sometimes may offer content (e.g., contests, sweepstakes, or promotions) that is sponsored by or co-branded with identified third parties. By virtue of these relationships, the third parties may obtain personally identifiable information that visitors voluntarily submit to participate in the site activity. We have no control over these third parties’ use of this information. The site will notify you (in its privacy policy or elsewhere) at the time of requesting personally identifiable information if these third parties will obtain such information.

We also use the services of reputable third party processors to provide us with data collection, reporting and web analytics, as well as to assist with delivery of relevant content, marketing messages and advertisements. All of our disclosure to such third parties shall be subject to the requirements under Section 6 if any of your personal data is transferred to such third parties. We, our third party service providers, advertisers and/or partners may also place web beacons for these third parties. For more information on how our sites may use third-party ad servers and your ability to opt-out of targeted advertising from such third party ad servers, please see the section below on “Third Party Ad Servers”.

Any information linked to on a third party website or domain, or embedded in the Services but hosed on a third party domain, belongs to such third party and any information submitted or collected as a result of the access or use thereof is subject to the privacy policy of such third party.

SECTION 11 – THIRD PARTY AD SERVERS

Our advertising service vendors and other third parties will at times also use Tracking Technologies to serve you advertisements tailored to interests you have shown by browsing on this website and other sites, applications, destinations, and services you have visited, and for other lawful business purposes. In doing so, these third parties will collect non-personally identifiable data including for example the make, model, settings, specifications (e.g., CPU speed, connection speed, browser type, operating system, device identifier) and geographic location of your computer, mobile or other device, as well as date/time stamp, IP address, pages visited, time of visits, content viewed, ads viewed, the site(s), application(s), destination(s), and/or service(s) you arrived from, and other clickstream data. The use of Tracking Technologies by third parties is subject to their own privacy policies, not this Privacy Policy, and we have no responsibility or liability in connection therewith. If you do not want the services that Tracking Technologies provide, you may be able to opt-out of certain of such Tracking Technologies or limit such Tracking Technologies by visiting http://optout.networkadvertising.org, using script-blockers, and modifying the tracking options in your web browser, phone, computer, or other device or software. We do not guarantee that any such actions will prevent or limit the Tracking Technologies or that any opt-out decision will be honored by any third party.

SECTION 12 – CHILDREN’S PRIVACY AND INTERNATIONAL CONSIDERATIONS

Protecting the privacy of young children is especially important. For that reason, Coastal Hospitality Associates does not knowingly collect or maintain personal information from persons under 13 years. If Coastal Hospitality Associates learns that personal information of persons under 13 years has been collected on or through the Services, Coastal Hospitality Associates will take the appropriate steps to delete this information. If you are the parent or legal guardian of a child under 13 who has become a registered user or subscriber of Coastal Hospitality Associates or any of the Services or otherwise set up an Account, then please contact Coastal Hospitality Associates to have that child’s account terminated and personal information deleted.

We are headquartered in the United States and any information that you submit or we otherwise obtain will be transferred to, collected, and held in the United States. We may subsequently transfer such information to any other country or jurisdiction in connection with the authorized uses and disclosures of information set forth herein.

SECTION 13 – CONTACTING Coastal Hospitality Associates

Questions regarding this policy and our practice should be directed to Coastal Hospitality Associates Support, by e-mail to https://coastalhospitalityhotels.com/contact/, or by postal mail to Coastal Hospitality Associates, 3612 Atlantic Avenue

Virginia Beach, VA 23451.

SECTION 14 – CHANGES TO THIS PRIVACY POLICY

Coastal Hospitality Associates may change this Privacy Policy at any time by posting revisions to our site. We will not reduce your rights under this Privacy Policy without your explicit consent, and we expect most such changes will be minor. In the event that any changes are made to use of your personal data, you will be informed via e-mail, and will afford you the opportunity to opt-out of any further use. Your use of the site constitutes acceptance of the provisions of this Privacy Policy and your continued usage after such changes are posted constitutes acceptance of each revised Privacy Policy. If you do not agree to the terms of this Privacy Policy or any revised policy, please exit the site immediately.

This Privacy Policy was last updated on October 10, 2019.