Privacy Policy
Privacy Statement
Effective Date: December 31, 2022
Who We Are
This is the website (“Site”) of Moxy Times Square Hotel and each of its respective food & beverage facilities (“Moxy Times Square,” “we,” “us” and/or “our”). You can contact us as indicated at compliance@lightstonegroup.com.
Security and Privacy:
This privacy policy (“Privacy Policy”) applies to personal data that we collect from you as a user of this Site or as a client or customer (“you” or “your” being interpreted accordingly). It provides information on what personal data we collect, why we collect the personal data, how it is used and the lawful basis on which your personal data is processed, and what your rights are under the applicable data protection and privacy laws, including the General Data Protection Regulation (“GDPR”) which became applicable to us and you as of May 2018, and for California residents, under the California Consumer Protection Act (“CCPA”).
Personal data as used in this Privacy Policy means any information that can be used to directly or indirectly identify an individual, and may include your name, address, email address, phone number, contact preferences, and Internet Protocol (“IP”) address. As of the date of this Privacy Policy, we do not collect any personal data through this Site other than your IP address.
This Privacy Policy excludes those websites and online services that have separate privacy policies and that do not incorporate this Privacy Policy by reference or otherwise.
By using our Site or submitting your personal data you are agreeing to accept the terms of this Privacy Policy, so please read it carefully.
Personal Data We Collect
We collect the following personal data about you:
- Reservation Information: Guest information, such as your first and last name, email address, billing and payment information (for further details please also refer to the section below headed “Payment Information”) provided to us when you check-in at the Moxy Times Square or make a reservation directly with us. We also receive this guest information from Marriott.com or other third party online booking websites that you use to book your reservation with us.
- Other Information: Personal details you choose to give when corresponding with us by phone or e-mail, participating in user/customer surveys or otherwise visiting and interacting with this Site or any other websites we operate, and personal data that you provide to us when you visit our hotel. We can also combine personal data that you provide to us with other information we collect about you when you make a reservation through Marriott.com and other third-party services such as online restaurant-reservation or travel fare aggregator websites, as necessary to process your requests.
Automatically Collected Personal Data
When you visit our Site, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Site. This log data includes your IP address, browser type and settings, the date and time of your request.
Cookies and Similar Technologies
Our Site uses cookies (small text files placed on your device) and similar technologies described below to distinguish you from other users. This is to provide you with a good user experience when you browse our Site and allows us to improve its features.
We may also use other similar technologies including:
- Web beacons, gifs, and clear gifs are tiny graphics, each with a unique identifier that are embedded invisibly on sites and in emails. We may use web beacons allow us to know if a certain page was visited or if ad banners on our sites and other sites, if any, are effective. We may also use web beacons in our HTML-based emails to let us know whether our emails have been opened by recipients, which helps us to gauge the effectiveness of certain communications, promotions, and marketing campaigns.
- Proximity based beacons send one-way signals over very short distances, to communicate with associated mobile apps installed on your phone. They can notify you, for example, about experiences related to your trip and can alert you to related deals or promotions. Beacons communicate with your device only when you are in close proximity and only if you have given consent within the relevant mobile application.
- Pixels are small objects embedded into a web page that are not visible to the user. We may use pixels to deliver cookies to your computer, facilitate the log-in process, monitor the activity on our sites, and deliver online advertising.
- Tags are small pieces of HTML code that tell your browser to request certain content generated by an ad server. We may use tags to show you relevant advertising and promotions.
- Scripts are pieces of JavaScript code that launch automatically when certain webpages load, to determine whether users view associated advertisements.
- Local Storage Objects, such as HTML 5, are used to store content and preferences. Third-parties with whom we partner to provide certain features on our site to display advertising based upon your web browsing activity use Local Storage Objects to collect and store information.
All of the technologies described above will be collectively referred to in this Cookie Statement as “cookies”.
How We Use Your Personal Data
We use your personal data on the following grounds:
- Our legitimate business interests: For example, in connection with completion and fulfillment of reservations, to conduct user/customer surveys, to address inquiries and complaints, for direct marketing or service improvements, for administrative, operational, IT, troubleshooting, data analysis or analytics purposes, to provide you, with information about goods or services, events and other promotions we feel may interest you as a customer. Where we rely on this basis, we carry out a legitimate business assessment to ensure that our business interests do not override your rights. In some cases, you may have the right to object to this use of your personal information. For more information, please read the “Your Rights” section of this Privacy Policy.
- Contract: When it is necessary in connection with a product or service we are providing to you
- Consent: If we are not relying on another basis for processing your personal information, we will seek your consent before any use of your personal information. A clear request for your consent will be presented to you and you will have the ability to withdraw your consent at any time.
We may anonymize, aggregate and de-identify the data that we collect and use such anonymized, aggregated and de-identified data for our own internal business purposes, including sharing it with our current and prospective customers, business partners, our affiliated businesses, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on demographics, interests and behavior.
Disclosure of Your Information
We may share your personal data with third parties in the following situations:
- With other companies commonly owned with the Moxy Times Square and with our partners, suppliers, or agents who perform services on our behalf, such as (i) card processing or payment services (see the section below headed “Payment Information”), (ii) credit reference agencies to protect against possible fraud, (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide goods/services available on this Site or to members, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions
- In response to a request for information from a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation or legal process with law enforcement bodies or other third parties as necessary to comply with the law;
- If we decide to re-organize, merge, or sell our business, we may disclose your personal information in the course of this activity to prospective purchasers; or
- If we otherwise notify you of the disclosure and you consent to it.
Payment Information
Currently, we do not take any credit or debit card payments through our Site. Any credit/debit card payments and other payments you make at the Moxy Times Square will be processed by our third-party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.
We may arrange that card or payment data you submit in support of a reservation is stored for the purpose of collecting the applicable fees. We store and use this card or payment information for the purpose of processing any future payments that you make as a customer for additional goods and services. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted. You may choose to opt out of us holding your card or payment data although this means that you will need to re-supply us with card/payment details for the purpose of making any future purchases.
Personal Data Transfers
If you are based in the European Union (EU) we may need to transfer your personal data to recipients outside of the EU.
This may happen if our servers or our suppliers or service providers are based outside the EU or if you visit our website while traveling to countries outside this area.
We only make these transfers, where the EU has made an “adequacy decision” for the country to which the data will be transferred or where we have put in place the “appropriate safeguards” that the law requires.
Security
We seek to use reasonable organizational, technical and administrative measures to protect personal data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section below.
Data Retention Period
We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is longer. Upon expiration of the applicable retention period we will destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
EU Individual Privacy Rights
If the GDPR applies to personal data, it gives individuals resident in the EU certain rights that they can exercise free of charge. These include the:
- Right to correct your personal data;
- Right to access your personal data;
- Right to data portability;
- Right to object to use of personal data (for example, where we are using it for direct marketing or our lawful basis is our legitimate interest);
- Right to restrict the use of your data in some circumstances; and
- Right to erasure in some circumstances
If you would like to assert one or more of these rights, please email or write to us at the address set out in the “Contact Us” section of the Privacy Policy. We will respond to your requests within all applicable timeframes.
You may also unsubscribe from receiving our email marketing communications at any time by following the “unsubscribe” instructions included in our communication.
Notice at Collection for California Residents
California residents have certain privacy rights under California law, including the California Consumer Privacy Act of 2018 (the “CCPA”). This Section explains some additional rights and details that were introduced by the CCPA.
Categories of Information That We Collect:
We collected the following categories of personal information through the use of our Site in the past twelve (12) months:
- Identifiers, such as your name, address, email address, account name, unique personal identifier, online identifier, IP address, username, or other similar identifiers.
- Personal information categories protected under pre-existing California law, such as your name, address, telephone number, payment number (last 4 digits only). Some personal information included in this category may overlap with other categories.
- Demographic information, including your age or gender. This type of personal information includes what is also considered a protected classification characteristic under pre-existing California or federal laws.
- Commercial information on your interactions with the Site, including reservations, products and services purchased from the Moxy Times Square Hotel.
- Internet or other electronic network activity information, such as session logs, search history, browsing activity on the Site and apps, browser type and browser language. This also encompasses other information that gets collected automatically when you use our sites and apps or interact with us through social media.
- Geolocation data (including your physical location), inferred from your IP address, to help us deliver relevant content and enhance your experience.
- Inferences drawn from the personal information that we collect about your preferences as they relate to the Site and apps.
Our full Privacy Policy can be accessed here.
Why We Collect This Information
Our business purpose for collecting this information is so that we can provide our business services through the Site and any apps, and to share offers that we think you may be interested in.
Sale of Data
California defines the “sale” of data very broadly, including the sharing of Personal Information with third parties. California defines a “sale” as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to another business or a third party for monetary or other valuable consideration.”
As explained above, certain sharing of your Personal Information is necessary for us to complete any transaction that you enter into with Moxy Times Square. If you choose to enter into certain transactions with Moxy Times Square, including hotel stays and dining in one of the restaurants and bars at the Moxy Times Square, a certain amount of sharing of your Personal Information is required to perform our transactional obligations in connection with your reservation, to run our business and provide any services to you as a customer. We do not otherwise sell California residents’ Personal Information. You can opt out of any future “sale” of personal information by emailing us at compliance@lightstonegroup.com
California residents have rights under the California Civil Code Section 1798.100, et seq. These rights are as follows:
- California residents have the right to request that we disclose to them what personal information we collect, use, disclose and sell; you may request to know the categories of personal Information collected about you or the specific pieces of Personal Information collected about you (“Right to Know”).
- California residents have the right to request that we delete their Personal Information we have collected or maintained (“Right to Request Deletion”).
- California residents have the right to opt-out of the sale of their Personal Information (“Right to Opt-Out”).
- California residents have the right not to receive discriminatory treatment by us for the exercise of their privacy rights conferred by the CCPA.
If you are a California resident, you may request that we:
- Disclose to you the following information covering the 12 months preceding your request:
- The categories of Personal Information that we collected about you and the categories of sources from which we collected such Personal Information;
- The specific pieces of Personal Information that we collected about you;
- The business or commercial purpose for collecting or selling (if applicable) Personal Information about you;
- The categories of Personal Information about you that we sold and the categories of third parties to whom we sold such Personal Information (if applicable); and
- The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
- Delete Personal Information we collected from you.
- Opt you out of any future “sale” of Personal Information about you by emailing us at compliance@lightstonegroup.com.
We do not “sell” the Personal Information of individuals under the age of 16.
We may from time to time elect to share certain information about you collected by us on the Site with third parties for those third parties’ direct marketing purposes. California Civil Code Section 1798.83 permits California residents who have supplied Personal Information, as defined in the statute, to us, under certain circumstances, to request and obtain certain information regarding our disclosure, if any, of Personal Information to third parties for their direct marketing purposes. If this applies, you may obtain the categories of Personal Information shared and the names and addresses of all third parties that received Personal Information for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2020 will receive information about 2019 sharing activities).
To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please submit a written request to us using the “Contact Us” method below (limit one request per year).
Please note that if we are unable to verify your identity to a degree of certainty as required by the CCPA through any reasonable method, we will state that we are unable to verify in a written response to you along with a reason as to why there is no reasonable method by which we can verify your identity. We will evaluate our methods for verifying the identity of all consumers who request to know or delete Personal Information on a yearly basis.
If all the consumers of a household jointly request access to specific pieces of information for the consumers of the household or deletion of the household’s Personal Information, we will comply with the request if we can verify the identity of all members of the household pursuant to our procedures for identity verification mentioned above.
As a California resident, you may designate an authorized agent to act on your behalf to make a request under the CCPA, such as requesting disclosure of any Personal Information we have sold or collected; or requesting deletion of such Personal Information. If you should use an authorized agent to exercise your various rights under the CCPA, we may require that you provide your authorized agent with written permission to exercise your various rights and to verify your own identity with us through the processes laid out in the section titled Exercising California Residents’ Privacy Rights, above. If your authorized agent does not submit proof that they have been authorized by you to submit verified requests for disclosure and deletion, we reserve the right to deny such a request that we have received and will explain to your authorized agent why we have denied such request.
Assistance for Disabled Consumers
Alternative formats of this Notice are available to individuals with a disability. Please contact us at info@lightstonegroup.com for assistance.
Changes to Our Privacy Policy
The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on this Site. Your use of our Site following these changes means that you accept the revised Privacy Policy. If you would like to review the version of the Privacy Policy that was effective immediately prior to this revision, please contact us at compliance@lightstonegroup.com.
Contact Us
Questions, comments or requests regarding this Privacy Policy should be addressed to compliance@lightstonegroup.com.