Privacy Policy

Effective Date: March 11, 2021

1. General information

This policy describes how Hotels AB LLC (“AB Properties”, "we", "us", "our") collects, processes, uses and discloses your personal information when you contact us, use our services or interact with our websites, such as www.andrebalazsproperties.com, www.chilternfirehouse.com, www.chateaumarmont.com, www.mercerhotel.com, and www.sunsetbeachli.com (together the "websites").

The term “personal information” as used in this policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.

Hotels AB LLC is made up of different legal entities. This policy is issued on behalf of the group so when we mention “AB Properties”, "we", "us" or "our" in this policy, we are referring to the relevant company in our group responsible for your information. For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the UK Data Protection Act 2018, the entity with which you enter a contract or otherwise share your personal information will be the controller. Hotels AB LLC with an address at 56 Blandford Street, London, W1U 7JD is the controller and responsible for this website.

2. How can you contact us

If you have any questions or concerns regarding this policy, or to exercise any of your data protection rights and choices, please go to our websites or contact us at:

Chiltern Firehouse

Chateau Marmont

The Mercer

Sunset Beach

3. Data protection

Your privacy is important to us and we promise to respect your personal information. We will do our best to ensure that your details are accurate and up-to-date.

4. Information we collect about you

We may collect the following personal information that you choose to provide voluntarily when you access our websites, complete forms, make a call to us, correspond with us by e-mail or otherwise, and when you use our services:

We also collected the following information indirectly from you when you access our websites or otherwise correspond with us:

If you apply for work with us, we may collect, store, and use the following categories of personal information that you have provided to us in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider:

5. How we use your information

We will use your personal information so that we can provide services to you, and only where we have a legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal information. We use your identifiers, commercial information and financial and transaction data in the following ways as necessary to provide our services under the agreement between you and us:

We may use your sensitive information to provide you with specialised services, such as disabled access to our premises, under the agreement between you and us.We use your identifiers, commercial information, financial and transaction data, and internet or other similar network activity in the following ways as necessary for certain legitimate interests, or where you have given your consent to such processing as required by applicable law (such consent can be withdrawn at any time):

If you have applied for work with us, we will use your identifiers, professional or employment-related information, non-public education information and protected classification information in the following ways as necessary in our legitimate interests, and to decide whether to enter into a contract of employment with you:

We may use your protected classification information in the following ways:

COVID-19

We may process your: (i) identifiers as is necessary in order to comply with our obligations under law; and (ii) COVID-19 information as is necessary for reasons of public interest in the area of public health:

We may also process your identifiers as is reasonably necessary in your legitimate interests where you have requested that we assist you with organizing a COVID-19 test with a private facility.

6. How we share information with others

We work closely with a number of trusted partners with whom we need to share personal information to help us provide our services. These include:

We will only transfer your personal information to trusted third parties who provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures. We may also disclose your personal information to third parties:

We may also share your personal information (including identifiers, professional or employment-related information, non-public education information) with the following third parties for the purposes of processing your application for employment: search consultancies, background screening providers and our group companies.

7. Marketing

Personal information you supply us with and the information about your use of our services will only be used by us, to tell you by letter, telephone or email about services that may be of interest to you. We will generally ask for your consent to receive marketing communications in line with the applicable law when you first provide your personal information. Your personal information will not be disclosed to any third party for marketing purposes.

8. Transfers of your personal information

We may transfer your personal information referred to in this policy within our group and around the world to help operate our business efficiently. We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located, and adopt appropriate measures to secure an adequate level of privacy protection.

If you are based within the United Kingdom or the European Economic Area (“EEA”), your information may be transferred outside of the EEA and stored or processed in other countries (including the United States of America), as part of our business operations.

Where personal information is transferred from the UK or the EEA to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses to transfer your information.

If you want further information on the specific mechanism used by us when transferring your personal information out of the UK or the EEA, please contact us using the contact details set out above.

9. Retaining your personal information

We keep records for as long as required to manage hotel bookings and provide the other relevant services anticipated by this policy. Where your information is no longer required, we will ensure it is disposed of in a safe manner.

10. Your UK and European privacy rights

If you are based in the UK or the EEA, under certain circumstances you have the following rights:

Also, where you believe that we have not complied with our obligations under this policy or European data protection law, you have the right to make a complaint to a Data Protection Authority, such as the UK Information Commissioner’s Office.

You can exercise any of these rights by contacting us using the contact details set out above.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. Your Californian rights

The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Your rights and choices

As of January 1, 2020, if you are a verified California resident, you have the right to obtain certain information about our collection and use of personal information over the past 12 months, including:

The CCPA gives consumers the right to prevent businesses from selling their personal information. We take your privacy seriously and do not sell your personal information to third parties.

Exercising your rights

You can exercise any of these rights by contacting us using the contact details set out above. You may make a request up to twice within a 12-month period.

We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

Response timing and format

We will endeavour to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of the reason and extension period in writing.

Where you request a copy of your personal information, we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy. Any disclosures we provide will only cover the 12-month period preceding the receipt of you verified request.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will not discriminate against you as a result of your exercise of any of these rights.

12. Cookie usage and do-not-track

Cookies are small amounts of information that are sent to and are stored on your computer. We use them to identify you when you visit the websites, and to make your use of the websites more convenient for you. We may permit select partners to collect information from our website visitors about their online activities across other websites and over time; we do not control these partners’ use of your information. If you do not wish to have Cookies placed on your computer you can disable Cookies as described in our Cookie Policy. Please see our Cookie Policy for further details. We currently do not employ technology that permits us to recognize do-not-track signals from your web browser.

13. Changes to this policy

Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by email. We will post an updated effective date on the revised policy. Please check back frequently to see any updates of changes.

14. Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.