Last Updated/Effective Date: January 28th, 2020
- Information We May Collect
- Information We Automatically Collect
- Cookies and Similar Technologies
- How We Use Information We Collect
- Information We Share
- Other Uses and Disclosures
- Retention of Your Information
- California Users’ Rights
- European Users’ Rights
- Social Media Platforms and Websites
- Third Party Links
- How to Contact Us
Irrespective of which country you live in, you authorize us to transfer, store, and use your information in the United States and any other countries where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access your data may vary from those in the country where you reside. If you do not agree to the transfer, storage and use of your information in the United States, or any other country where we operate, please do not use the Websites or Services.
Information We May Collect
We may collect personal information that you provide to us voluntarily or is automatically collected from your use of and access of the Services. This personal information may include, but is not limited to, the following:
- Postal Address (billing and shipping)
- Telephone number
- Email address
- Credit and debit card number
- Financial information
- Booking, stay, and purchase history
- Social media nickname
- Communication preferences
- IP Addresses
- Device information
- Location information
The Websites offer interactive and social features that permit you to submit content and communicate with other users. You may provide personal information to us when you post information in these interactive and social features. Please note that your postings in these areas of the Websites may be publicly accessible or accessible to other users.
Unless specifically requested, we ask that you do not disclose, on or through the Services or otherwise to us, the following types of information: Social Security Numbers, National Identification Number, data related to race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, medical or mental health information, medical insurance data, sexual orientation, criminal background, or administrative proceedings and sanctions.
Information We Automatically Collect
When you use our Websites, we collect certain information automatically, such as your operating system version, browser type, internet Protocol address, and internet service provider, which then may be stored in service logs. We may also collect information about your actual location.
Cookies and Similar Technologies
We may occasionally permit other companies to set cookies on our Websites and gather cookie information for us. In some cases, we may also use another company to operate web servers or process credit card purchases for our Websites. We use the cookie information gathered by these companies in the same manner as stated above.
Pages of our Websites or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Clickstream data is information collected by our computers when you request Web pages from the Websites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Websites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Websites.
How We Use Information We Collect
We use information we collect about you in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes:
- Provide the services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages;
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service;
- To support our electronic receipt program; and
- To manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
- Personalize the Services according to your personal preferences, including:
- To customize your experience according to your personal preferences; and
- To present offers tailored to your personal preferences.
- Communicate with you about goods and services according to your personal preferences, including:
- To send you marketing communications and promotional offers, as well as periodic customer satisfaction, market research and quality assurance surveys.
- For other business purposes, including:
- To detect security incidents;
- To debug, identify, and repair errors that impair existing intended functionality; and
- For other limited internal uses.
- To comply with applicable legal requirements.
Information We Share
We do not share personal information with companies, organizations, or entities outside of MBI except under one of the following circumstances:
- With Your Consent. We will share personal information with companies, organizations or individuals outside of MBI when we have your consent to do so.
- Owners and Franchisees. We disclose personal information and other data to owners and franchisees of MBI branded properties for the purposes described in this Privacy Notice, such as providing and personalizing the Services and facilitating the loyalty programs.
- Strategic Business Partners. We disclose personal information and other data with select strategic business partners who provide goods, services and offers that enhance your experience at our properties or we believe will be of interest to you. By sharing data with these strategic business partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services.
- For Legal Reasons. We may share personal information with companies, entities, or individuals outside of MBI if we determine that it is reasonably necessary to:
- Comply with legal requirements and respond to requests from government authorities (including laws and authorities outside your state or country);
- Meet any applicable law, regulation, legal process or enforceable governmental request;
- Detect, prevent, or otherwise address fraud, security or technical issues; and
- Protect against harm to the rights, property or safety of MBI, our Users or the public as required or permitted by law.
We may notify a User about legal demands for their personal information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
- Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, personal information about our users is often a transferred business asset. In the event that MBI itself or substantially all of our assets are acquired, personal information about our users may be one of the transferred assets.
- Aggregate Site Use Information. We may share aggregate, anonymized, deidentified, or pseudonymized personal information to third parties in order to promote or describe use of the Websites for research, marketing, advertising, or similar purposes.
Other Uses and Disclosures
We will not share, license, transmit or disclose your personal information outside of MBI unless:
- You expressly authorize us to do so;
- It is necessary to allow our trusted service providers, affiliates, vendors, or agents to provide services for us;
- In order to provide our responses, products, or services to you;
- It is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements;
- It is necessary for our legitimate business purposes, including fraud prevention and monitoring, product and service development and improvement, internal marketing purposes, and operations;
- In connection with a sale of all or substantially all of the assets of MBI or the merger of MBI into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which MBI is not the survivor;
- It is necessary to protect the rights, property, safety, operations, and privacy of our customers, ourselves, our affiliates, or others;
- It is required or permitted by applicable law, such as to comply with legal requirements and respond to requests from government authorities (including laws and authorities outside your state or country); and
- When you visit our Websites, we may collect the IP address, unique device identifier, and other information relating to the device you use to connect to the Internet. An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. In addition, devices used to access the Internet often carry unique device identifiers, information about browser types, and operating systems. We use this information to determine the general physical location of the device and understand from what regions of the world the visitors to the Websites come. We also may use this information to enhance the Websites.
Retention of Your Information
We may retain your personal information for a period of time consistent with the original purpose for collection. For example, we keep your personal information for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period of time afterward. We also may retain your personal information during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal, regulatory, or other compliance obligations, resolve disputes and enforce our agreements.
California Users’ Rights
Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”) (California Civil Code Section 1798.100 et seq.) and the “Shine the Light” Law (California Civil Code Section 1798.83). If you are a California resident, this section applies to you.
CALIFORNIA CONSUMER PRIVACY ACT
Collection and Use of Personal Information: In the preceding 12 months, we have collected the following categories of personal information: identifiers (e.g., name and address), internet or other electronic network activity information (e.g., browser type), commercial information (e.g., services purchased), geolocation information, payment information (e.g., credit card information), characteristics of protected classifications (e.g., date of birth/age), and certain inferences drawn from these mentioned categories. For more information, including the categories of sources from which the information was collected and the purposes for which the information was collected, please see Information We May Collect, Information We Automatically Collect, Cookies and Similar Technologies, and How We Use Information We Collect sections. We collect personal information for the business and commercial purposes described in Information We May Collect, Information We Automatically Collect, and How We Use Information We Collect.
Disclosure of Personal Information: We may share your personal information with categories of third parties as described in the Information We Share and Other Uses and Disclosures sections above. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes: identifiers, internet or other electronic network activity information, commercial information, geolocation information, payment information, characteristics of protected classifications, and certain inferences drawn from these mentioned categories.
CCPA Consumer Rights:
If you are a California resident, you have the following rights:
- Right to know your personal information.
- Right to request deletion of your personal information.
California consumers also have these additional rights, which do not apply to MBI for reasons stated:
- Right to opt-out of the sale of personal information. MBI does not and will not sell your personal information.
- Right not to receive discriminatory treatment for exercising privacy rights under the CCPA. MBI does not and will not discriminate against you for exercising your CCPA privacy rights.
To exercise your CCPA right to know and/or right to request deletion, please submit your request by either calling us at (800) 462-5428 or by emailing us at firstname.lastname@example.org with “CCPA Request” as the Subject, and in the body of the email, attesting that you are a California resident and indicating which right(s) you are requesting to exercise.(email@example.com) You may make a request to know your personal information no more than twice in a 12-month period.
Verification: Once we receive your request, we will take steps to verify your identity before fulfilling any of the above requests. We will verify your identity by matching two or three pieces of information you will need to provide with data points that we maintain (e.g. name, email, address).
Authorized Agents: If you would like to use an authorized agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf.
SHINE THE LIGHT
Under California Civil Code Section 1798.83 or “Shine the Light” law, California residents may request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To request the above information, please e-mail us at: firstname.lastname@example.org.
DO NOT TRACK SIGNALS
Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. MBI currently does not respond to such signals. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them.
Some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
European Users’ Rights
The European Union’s General Data Protection Regulation (“GDPR”) provides Users residing in the European Economic Area with the following rights:
- The right of access. You have the right to request a copy of your personal information which we hold about you.
- The right of rectification. You have the right to request correction or changes of your personal information if it is found to be inaccurate or out of date.
- The right to be forgotten (erasure). You have the right to request us, at any time, to delete your personal information from our servers and to erase your personal information when it is no longer necessary for us to retain such data. Note, however, that deletion of your personal information will likely impact your ability to use our services.
- The right to object. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing.
- The right to data portability. You have the right to a “portable” copy of your personal information that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your personal information stored on our servers / IT environment to another service provider’s servers / IT environment.
- The right to not be subjected to automated decision making (profiling). You have the right not to be subject to an automated decision and insist on human intervention, if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to restrict processing. You have the right to restrict the processing of your personal information if the accuracy of data is contested, the processing is unlawful, we no longer need the data for the original purpose, or verification of overriding grounds is pending in the context of an erasure request.
- The right to lodge a complaint with a supervisory authority.
To make a request under GDPR, please email email@example.com with “GDPR Request” as the Subject, and in the body of the email, attesting that you are a resident of the European Economic Area and indicating which right(s) you are requesting to exercise.
LEGAL BASIS FOR PROCESSING
Whenever we collect Personal Data from you, we may do so on the following legal bases:
- Your consent to such collection and use;
- Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for products;
- Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Data is necessary for:
- Intra-organization transfers for client data for administrative purposes;
- Product development and enhancement, where the processing enables MBI to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our users, and to better understand how people interact with our Websites;
- Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
- Fraud detection and prevention;
- Enhancement of our cybersecurity, including improving the security of our network and information systems; and
- General business operations and diligence.
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests. We will consider your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. We will always limit such processing for our legitimate business interest to what is necessary for its purposes.
Social Media Platforms and Websites
Additionally, in the event that MBI offers a message board or any other interactive or social-type feature on a website administered directly by MBI, please be aware that these platforms may allow you to publicly post and share information with other users. Although MBI may take certain precautions to protect those who use these areas of an MBI website, we warn against giving out any personal information in such public forums as we cannot guarantee the privacy of that information. MBI is not responsible for any misused information you choose to post. Your use of these features is fully at your own risk.
Third Party Links
The Websites may contain links to webpages operated by parties other than MBI. We do not control such websites and are not responsible for their contents, the privacy policies, or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators.
Our Services are not intended for use by children. We do not knowingly collect, use, or disclose personal information about visitors under the age of 16, and we request that they not provide personal information through the Services. If you believe that we might have personal information from a child under age 16, please contact us at firstname.lastname@example.org.
How to Contact Us
Malibu Beach Inn
22878 Pacific Coast Highway
Malibu, CA 90265