Our Hotel is committed to safeguarding your privacy while visiting the Hotel website, namely, www.konabeachresort.com, (hereinafter all identified URLs are collectively referred to as the “Site”). Our goal is to provide you with an Internet experience that delivers the information, resources, and services that are most relevant to you. To achieve this goal, part of the operation of the site includes the gathering of certain types of information about site users.
COLLECTION OF PERSONAL INFORMATION & HOW DO WE USE IT
The Hotel processes Personal Information or other data about you when you interact with our Hotel, visit our Site, or use our Services. The information we may process depends upon your interaction with us. We take the utmost care to ensure that the Personal Information we obtain from you is not used in a way that you may be unaware of or not agreeable to. You may wish to submit an information request about our Hotel, participate in one of our promotions, make a reservation, or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name, email, and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.
INFORMATION COLLECTED ON THE SITE MAY BE USED TO:
- Register you as a Hotel member
- Contact you after you’ve submitted a website form
- Plan and purchase Hotel accommodations
- Enter your email in our promotions or sweepstakes
- Send marketing communications or surveys to you
- Respond to your questions or suggestions
- Improve the quality of your visit to our site
All forms will provide an opt-out button to allow you to choose not to participate in Hotel lists and future online marketing. In deciding whether or not to join such lists, please note that they are only used for Hotel purposes or in joint promotions with a Hotel partner. We do not sell, rent, or share any of your personal information with any other party including any third-party joint promoters, nor use it for unapproved commercial purposes. You may request to be removed from our marketing lists at any time. All emails distributed to our marketing lists will contain easy, online access to unsubscribe.
PERMISSION FOR USE
If you decide to make an online reservation on the Site, you will be linked to a reservation interface and a third-party booking engine (“Booking Engine”). While it appears to be part of our site, the Booking Engine is provided by a third party and is governed by its privacy practices. We understand that security remains the primary concern of online consumers and have chosen our Booking Engine vendor carefully.
PROTECTING YOUR INFORMATION
We would like our Site visitors to feel confident about using the Site to plan and purchase their accommodations, so our Hotel is committed to protecting the information we collect. Our Hotel has implemented a security program to keep information that is stored in our systems protected from unauthorized access.
Our Site is hosted in a secure environment. The Site servers/systems are configured with data encryption, or scrambling, technologies, and industry-standard firewalls. When you enter personal information during the reservation process, or during a customer email sign-up, your data is protected by Secure Socket Layer (SSL) technology to ensure safe transmission.
PERSONAL INFORMATION RETENTION
The Hotel will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. We have enacted a data retention and deletion policy in order to ensure that Personal Information is only stored for as long as necessary for their purpose.
Our data retention and deletion policy takes account of the principle that Personal Information should be retained for limited periods even after the storage purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise, or defense of legal claims and in rendering the administration of retention and deletion periods practicable. We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.
Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data falls under several different deletion periods, the longest will apply:
We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which falls into any of the categories identified herein below. Otherwise customer data will be deleted after expiry of 1 year.
For compliance with the statutory retention period for commercial letters and tax documents, we will retain correspondence, invoices, and other booking documentation for 7 years.
We will retain contract-related data and documents for 7 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.
If the term “erasure” or “deletion” is used in this Privacy Statement, we reserve the right to anonymize the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.
Anonymized data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymized data is not subject to the GDPR and is not the subject of this Privacy Statement.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide Hotel services to you
- Whether there is a legal obligation to which we are subject (for example, specific laws require us to keep records of your transactions for a certain period of time)
- Whether retention is advisable considering our legal position (for example, for statutes of limitations, litigation, or regulatory investigations)
CHANGING AND ACCESSING YOUR PERSONAL INFORMATION
To the extent required by applicable law, you may be able to request that we inform you about the Personal Information we maintain about you, withdraw your consent for certain data processing activity, or request that we update, correct, delete, and/or stop processing your Personal Information. If you would like to review, correct, update, suppress, restrict or delete the Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information, you may contact DataProtection@PacificaHotels.com or by mail at:
ATTN: Data Protection
Aliso Viejo, CA 92656, USA
For your protection, we only fulfill requests for the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database, or other limitations you would like to put on our use of your Personal Information. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (for example, when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed.
WITHDRAWING CONSENT TO USE
Please note that opting out of marketing emails may limit your access to certain offers, benefits, and features. Also, if you opt-out of receiving certain marketing emails, that opt-out may not apply to other communications that you may continue to receive from us, such as customer service messages, messages about your account or reservations with us, and emails responding to your communications with us or requests for information that we receive from you. Requests to opt-out of receiving future marketing emails from us can take up to ten business days to be effective.
USE OF AGGREGATED DATA
The Hotel is interested in improving the Site and may develop and offer new features and services. We monitor Aggregated Data regarding use of the Site for marketing purposes and to study, improve, and promote the use of the Site. In connection with such purposes, the Hotel may share Aggregated Data with third parties collectively and in an anonymous way. Disclosure of Aggregated Data does not reveal Personal Information about individual Site users in any way that identifies who they are or how to contact them.
The Hotel has two exceptions to the limits of the use of Personal Information:
- Hotel may monitor and, when we believe in good faith that disclosure is required, disclose information to protect the security, property, assets and/or rights of Hotel from unauthorized use, or misuse, of the Site or anything found at the Site.
- Hotel may disclose information when required by law; however, only to the extent necessary and in a manner that seeks to maintain the privacy of the individual.
WHAT ARE COOKIES?
There are two different types of cookies used:
Session Cookies: Also called transient cookies, are cookies that are temporarily stored in your browser for the duration of a browser session, and they typically will store information in the form of a session identification and no further information personally identifying you.
Persistent Cookies: Also called permanent or stored cookies, are cookies that are stored on your hard drive until they expire (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information, such as web surfing behavior or user preferences for a specific site.
We employ the following types of cookies:
- Required Cookies – Session Cookie
- Functionality Cookies – Persistent Cookie
- Targeting / Advertising Cookies – Persistent Cookie
These cookies are a mixture of first party cookies, which we set ourselves, and third-party cookies, which are set by other websites.
- Personalization – For example, your language preference is remembered.
- Session Management – To ensure that your session is routed to the correct system for the duration of your visit.
- AB Testing / Multivariate Testing – We can display multiple versions of a page to a user to assess which generates the best user experience.
- Advertising – We can display advertising content depending on location, language, and your past browsing history.
We use a number of cookies which are strictly necessary to allow you to access our Site, to move between pages, and to receive services which you have requested. The types of data collected are:
- Session identifier
- IP address, and information generated from anonymized IP address that includes
- A computer host name
- Geographic location
- Time of visit
- Webpage URL
- Referring website
- Security tokens (for authentication and information submission, like RFP forms)
The following is an example of a strictly necessary cookie which we use:
- Authentication Cookies: Provide an authentication method of a secure log-in.
- DoubleClick: These cookies may also be used by advertisers to allow third parties to serve advertisements to you when you are on other websites. These ads may be adapted to be relevant to you based on your use of our Site. This is done on an anonymized basis, using non-personally identifiable information.
- The types of data used include online identifiers, including cookie identifiers, IP addresses and device identifiers, imprecise location data (based on your IP address) or precise location data (if you have set your system to allow transmission of geolocation information), and client identifiers.
We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of selecting your language or currency every time you access the Site and recall your customization preferences.
We utilize other cookies to analyze how our visitors use our Site and to monitor website performance. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.
TARGETING / ADVERTISING COOKIES
We allow certain third party advertisers and partners to collect information about your use of the Site through first and third-party cookies in order to serve adverts to you. They may also analyze this data in order to serve adverts to you on other third-party websites.
We also work with advertisers in order to display our advertisements on third party websites, based on cookies set on your visit to this Site. Advertising/targeting cookies may also be used to track your responses to particular adverts, which helps advertisers ensure that you see the most relevant advertisements in future on third party websites.
The following is an example of a targeting/advertising cookie which we use:
Types of targeting enacted based on cookies include:
- Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.
- In-market: Show ads to users who have been searching for products and like-services.
- Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using “custom intent audiences.”
- Similar audiences: Target users with interests related to those on remarketing lists.
- Remarketing: Target users that have already interacted with our ads, Site, or app.
- We do not control the information collected by such partners or advertiser in connection with our Site or the further use of information we may provide to them for the aforementioned services, and they do not process such data on our behalf. Only the data protection policies of those third parties as the respective controllers of such data will apply to their processing of such data.
COOKIE CONSENT, DISABLING, & OPT-OUT
USE OF GOOGLE ANALYTICS
Our Site uses Google Analytics. You can find further information on how Google Analytics uses information from Site that use its services here: https://policies.google.com/privacy
- Browser type and version
- Operating system of your computer
- Referrer URL (i.e. the page last visited)
- Host name of accessing computer (IP address)
- Date and time of server request
To learn more about Google Analytics and cookie usage, visit their website here.
PROCESSING IN THE CONTEXT OF NEWSLETTERS/EMAIL PROMOTIONS
If you register via our Site or by other means to receive electronic newsletters or Hotel emails, we will store and process your registration data for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter. The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services. In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter.
After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters. We will assume that your interests do not conflict with this, because the retention period is appropriate with respect to the interests to be protected.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.
PROCESSING IN THE CONTEXT OF REGISTRATION OR USE OF THE CONTACT FORM
If you register on our Site and create a user account (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary), all Personal Information collected in connection with this user account will be stored in this user account until you request to delete the user account or until we cancel the user account for the performance of our contractual relationship on use of the respective website or web service. The IP address assigned to you by your internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services.
After de-registration of your user account, we will retain all data for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with our contractual relationship. We will assume that your interests do not conflict with this because the retention period is appropriate with respect to the interests to be protected.
Our Site contains a Contact Form and may contain a Request For Proposal Form, which you can use to submit communications to us. When submitting information through these Forms, you are required to enter certain information, which we will use for responding to your request. These Forms enable you to submit additional information on a voluntary basis.
If you provide us with Personal Information via the user account or the Contact Forms for a purpose beyond the use of the Site or respective web service, such as sending us an offer or product information, we will also store and process this data for this purpose.
THIRD PARTY ADVERTISING
The Hotel engages third party vendors in interest-based advertising in order to deliver advertisements and personalized content that we and other advertisers believe will be of interest to you. To serve such advertisements, these companies place or recognize a unique cookie on your browser, including the use of pixel tags. For example, if you go to the Site to book a hotel room, you may later see an advertisement from us when you visit another website. To the extent that third parties are using cookies or other technologies to perform these services, the Hotel does not control the use of this technology or the resulting information for online advertising and is not responsible for any actions or policies of such third parties.
CHILDREN’S PRIVACY & PARENTAL CONSENT
We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal information without your permission.
LINKS PROVIDED TO OTHER SITES
Our Hotel may provide links to a number of other websites that we believe might offer you useful information and services. However, those sites may not follow the same privacy policies as us. Therefore, we are not responsible for the privacy policies or the actions of any third parties, including without limitation, any website owners whose sites may be reached through this Site, nor can we control the activities of those sites. We urge you to contact the relevant parties controlling these sites or accessing their online policies for the relevant information about their data collection practices before submitting any Personal Information or other sensitive data.
INFORMATION ON DATA SUBJECT RIGHTS
You as the data subject have certain rights with regard to your Personal Information, which we will explain to you below. As stated above and below, if you would like to review, correct, update, suppress, restrict or delete the Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information, you may contact DataProtection@PacificaHotels.com or by mail at:
ATTN: Data Protection
Aliso Viejo, CA 92656, USA
For your protection, we only fulfill requests for the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request.
Right of Access and Information – You have the right, where the statutory requirements are met, to request from us at any time, at no cost, confirmation as to whether Personal Information relating to you is being processed, a copy of this data, and comprehensive information on this personal data. This right extends in particular, without limitation, to the purposes of processing, the categories of Personal Information being processed, the recipients, the storage period and the origin of the data.
Right to Rectification – You have the right to request us to rectify incorrect and incomplete Personal Information concerning you without delay, where the statutory requirements are met.
Right to be Forgotten – You have the right to demand from us the immediate deletion of Personal Information concerning you, where the statutory requirements are met, if, among other reasons, their storage is no longer necessary or unlawful, if you withdraw your consent on which their storage was based, if you have validly objected to their storage in accordance with below Sections, if we are obligated to delete them for any other reason or if the data were collected as part of a web service. If we have made the data public, in addition to deletion of the data, we must also inform other controllers in such cases that you have requested the deletion of this data and all references thereto, insofar as this is reasonable in view of the available technology and the implementation costs. The above obligation does not apply in certain exceptional cases, in particular storage for the purpose of establishing, exercising or defending legal claims.
Right to Restriction of Processing – You have the right to request us, where the statutory requirements are met, to restrict the processing of personal data relating to you, for example if you dispute their accuracy, the storage is no longer necessary or is unlawful and you still do not wish to have it deleted or if you have filed an objection to the processing (see below) as long as it has not yet been established whether our legitimate reasons outweigh yours.
Right to Data Portability – If automated processing of Personal Information occurs solely on the basis of your consent or to fulfil a contract with you or to implement pre-contractual measures, you have the right to require us, subject to statutory requirements, to make available the Personal Information in relation to yourself that you have provided to you or to a third party you designate, if this is technically feasible, in a structured, current and machine-readable format and not to impede its transfer to a third party.
Right of Objection – You have the right to require us, where the statutory requirements are met, to no longer process Personal Information relating to you which we process for the performance of a task which is in the public interest or for the protection of our legitimate interests or those of a third party, if you object to such processing for reasons which arise from your particular situation. In this case we must desist from further processing unless there are compelling grounds for processing which outweigh your interests or the processing is carried out for the establishment, exercise or defense of legal claims.
Right of Objection to Direct Marketing – You can object to the further processing of your Personal Information for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.
Automated Decisions – We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).
Consents – If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection as described above). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).
Right to Lodge a Complaint – You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for our representative (See above).
POLICY MODIFICATIONS & CONTACTING US
You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our representative in the European Union also. You may be required to identify yourself to us as a data subject to exercise your rights.
Aliso Viejo, CA 92656, USA
CALIFORNIA CONSUMER PRIVACY STATEMENT
Effective date: January 1, 2020
1. Notice of Collection and Use of Personal Information
- Identifiers: Personally identifiable identifiers such as name, Social Security number, driver’s license number, passport number, billing address; telephone number and other forms of online identifier, internet protocol address, email address, account name, signature, bank account number, credit card number, debit card number and other similar identifiers.
- Technical Identifiers and Online Activity: Unique personal identifiers (such as a device identifier); cookies, beacons, pixel tags, mobile ad identifiers and similar technology Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements.
- Geolocation Data: Data approximated to region via an IP address.
- Inferred or Derived Information: Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, behavior, attitudes, intelligence, abilities, and aptitudes.
2. Business Purposes:
In addition, we may use these categories of personal information for certain business purposes specified in the California Consumer Privacy Act, CCPA, as described below:
- Performing services, maintaining accounts, providing customer service, processing transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or similar services;
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
- Activities to verify or maintain the quality of service, the web site, a service or device that is owned, managed or controlled by us, and to improve, upgrade, or enhance the service
3. Prior Collection, Use and Disclosure of Personal Information
We may have collected and used your personal information, as described above, during the 12-month period prior to the effective date of this California Consumer Privacy Statement. For the personal information collected during that timeframe, we describe below: (a) the categories of sources from which we may have obtained the personal information, (b) the categories of third parties with whom we may have shared the information, (c) the categories of personal information we may have sold for non-monetary consideration, and (d) the categories of personal information we may have disclosed for a business purpose.
a. Sources of Personal Information
We may have obtained personal information about you from various sources, as described below:
- Directly from you, such as when you create an account with us
- From your devices, such as when you visit our Sites
- Vendors who provide services on our behalf
- Joint marketing partners, our affiliates and online advertising services
- Social networks
b. Sharing of Personal Information
We may have shared your personal information with certain categories of third parties, as described below:
- Joint marketing partners, our affiliates, online advertising services and data analytics providers
- Vendors who provide services on our behalf
- Government entities
- Social networks
c. Sale of Personal Information
During the 12-month period prior to the effective date of this California Consumer Privacy Statement, we may have sold the following categories of personal information:
- Identifiers such as a name, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or identifiers), online identifier, internet protocol address, email address, and other similar identifiers
- Commercial information, including products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
- Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
- Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, behavior, attitudes, intelligence, abilities, and aptitudes.
d. Disclosure of Personal Information for a Business Purpose
We may have disclosed to third parties for a business purpose the following categories of personal information:
- Commercial Information
- Technical Identifiers and Online Activity
- Geolocation Data
- Inferred or Derived Information
4. California Consumer Privacy Rights
You have certain choices regarding your personal information, as described below.
- Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.
- Deletion: You have the right to request that we delete certain personal information we have collected from you.
- Opt-Out of Sale: You have the right to opt-out of the sale of your personal information.
How to Submit a Request. To submit an access or deletion request, click here or call us at (844) 834-9898. To opt-out of the sale of your personal information, click here.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an online account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an online account with us, and you request access to or deletion of your personal information, we may require you to provide any of the following information: a copy of your photo identification card or driver’s license or other identification to assist us in verifying your identity. In addition, if you do not have an online account and you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If you designate an authorized agent to make an access, deletion or opt-out of sale request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us (as described above).
Additional Information. If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
CCPA Consumer Request Metrics.
The number of requests to know that the business received, compiled with or in part, and denied.
The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.