Important information and who we are
This privacy notice aims to give you information on how Greystone collects and processes your personal data through your use of our websites, software applications, social media pages, HTML-formatted email messages we send to you and through any communications we have with you when you stay as a guest at one of our hotels ("collectively, the "Services").
This Website and Services are not intended for individuals under the age of 18 and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
IHA Hotel Management Company LLC, d/b/a Greystone Hotels manages hotels and related facilities, each one of which is owned by different legal entities (the "Greystone Group"). We will provide you with the legal names of each of these legal entities on request. This privacy notice is issued on behalf of the Greystone Group so when we mention "Greystone", "we", "us" or "our" in this privacy notice, we are referring to the relevant legal entity in the Greystone Group responsible for processing your data. Greystone is the controller and responsible for this Website and the Services.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Our full contact details are:
Full name of legal entity: IHA Hotel Management Company LLC
Name of DPO: David Rubin
Postal address: 155 Montgomery Street, Suite 404, San Francisco, CA 94104
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Website and or the Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
Our Core Beliefs Regarding User Privacy And Data Protection
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
If you are a resident of the EU, you have the right to make a complaint
at any time to your respective supervisory authority. For residents of the UK, the Information Commissioner's Office
(ICO) is the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach your respective supervisory authority, so please contact us in the first instance.
Other Business and Internal Computer Systems
Personal Information That This Website Collects, Why We Collect It and the Legal Basis for Using Your Personal Data
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
includes first name, , last name, username or similar identifier, , title, and gender.
includes email address and telephone numbers.
includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
includes your username and password, your interests, preferences and feedback.
includes information about how you use our website, products and services.
Marketing and Communications Data
includes your preferences in receiving marketing from us and our third parties and your communication preferences.
This website collects and may use your personal information for the following reasons:
Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer's IP address, which could be used to personally identify you, but Google does not grant us access to this. We consider Google to be a third party data processor (see section below
. Our website uses the analytics.js implementation of GA. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
In addition to Google Analytics, this website may collect information (held in the public domain) attributed to the IP address of the computer or device that is being used to access it.
We may also collect personal information about you from our direct interactions with you. This includes personal data you provide when you:
- Request our services;
- subscribe to our communications;
- request marketing to be sent to you; or
- give us some feedback
Should you choose to add a comment to any posts that we have published on blog sites, the name and email address you enter with your comment will be saved to this website's database, along with your computer's IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors detailed below. Only your name and email address that you supplied will be shown on the public-facing website.
Your comments and it's associated personal data will remain on this site until we see fit to either
- remove the comment or
- remove the blog post. Should you wish to have the comment and it's associated personal data deleted, please email us here using the email address that you commented with.
If you are under 18 years of age you MUST obtain parental consent before posting a comment on our blog.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you or provide the service you have requested.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time in the manner described below.
Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section below
. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP)
. Our SMTP servers are protected by TLS
(sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Cendyn
who provides us with email marketing services. We consider Cendyn to be a third party data processor (see section below
). The email address that you submit will not be stored within this website's own database or in any of our internal computer systems.
If you are under 18 years of age you MUST obtain parental consent before joining email newsletter.
Your email address will remain within Cendyn's database for as long as we continue to use Cendyn's services for email marketing or until you specifically request removal from the list. You can ask us to stop sending you marketing messages at any time. You can unsubscribe using the unsubscribe links contained in any email newsletters that we send you or by contacting us at the e-mail or physical address provided above. When requesting removal, please reference the email account that is subscribed to the mailing list.
Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section above
Essential cookies and similar technologies
These are vital for the running of our services on our websites and apps. Without the use of these cookies parts of our websites would not function. For example, session cookies allows a navigation experience that is consistent and optimal to user's network speed and choice of device.
Analytics cookies and similar technologies
These collect information about your use of our websites and apps, and enable us to improve the way it works. For example, analytics cookies show us which are the most frequently visited pages. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally these cookies allow us to see overall patterns of usage at an aggregated level.
Tracking, advertising cookies and similar technologies
We use these types of technologies to provide advertisements that are more relevant to your interests. This can be done by delivering online adverts based your previous web browsing activity. Cookies are placed on your browser which will remember the websites you have visited. Advertising based on what you have been looking at is then displayed to you when you visit websites who use the same advertising networks.
Data Security and Data Breaches
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will report any unlawful data breach of this website's database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You may request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
By entering a valid email address that you have access to, we will inform you any personal information we collect that is associated with that email address and how to manage it.