NOBLE HOUSE HOTELS & RESORTS PRIVACY POLICY

DO NOT CONTINUE TO USE OUR WEBSITE IF YOU DO NOT ACCEPT THE TERMS OF THIS PRIVACY POLICY.

PERSONAL INFORMATION
At Noble House Hotels and Resorts (“Noble House”), we understand the importance of privacy and are committed to implementing standards for the protection of Personal Information (defined below). In this policy, “Noble House Hotels & Resorts” means any and all affiliated and/or subsidiary companies, as they may exist from time to time. The words ‘Noble House Hotels & Resorts’, ‘Noble House’, ‘we’, or ‘us’ do not include third party hotel owners or third parties involved in the delivery of services. However, we have requested such hotel owners and third party suppliers to adhere to the terms of our Privacy Policy.

Noble House will not collect any personally-identifiable information about its visitors and guests (e.g., your name, address, telephone number, or email address) (“Personal Information”) through our websites unless it has been provided to us voluntarily. You may provide us with your Personal Information by making a reservation, by using our services, by providing it to us in communications such as comment cards and surveys, or by participating in a marketing initiative. From time to time, Noble House offers packages or other services that involve third parties. If you are participating in these packages or services, your Personal Information will be shared with that third party to the extent necessary to provide the service and/or process the purchase or request. We may use the information you provide to send you offers and information about Noble House. If you do not wish to receive such offers and information, you may unsubscribe at any time by following instructions provided in each marketing message.

Noble House may manage hotels or resorts for third party owners. Your Personal Information is shared with those third party owners of the property where you intend to stay to the extent necessary for them to process the transaction. All hotels and resorts that are managed by Noble House are required to agree to abide by the terms of this Privacy Policy.

ADDITIONAL INFORMATION COLLECTED AUTOMATICALLY
Noble House uses “cookies” on our websites, which are pieces of information that an Internet site transfers to a visitor’s hard drive for record-keeping purposes. The use of cookies is an industry standard and they are found almost everywhere on the Internet. We may evaluate content and services and tailor our websites based on other information it collects, such as IP addresses (numbers assigned to a computer whenever the Internet is used), pixel tags, and the type of Internet browser or operating system that is being used. This information is collected in the aggregate, but it may be linked it to Personal Information through cookie use as described above. With most Internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.

WHY COLLECT PERSONAL INFORMATION
Noble House collects Personal Information for a variety of reasons, including to establish and maintain a responsible business relationship with our visitors and guests, to better understand the needs of our visitors and guests in order to provide better service, to develop and improve products and services for our visitors and guests, and to adhere to legal and regulatory requirements.

DATA SECURITY
Noble House uses safeguards and technology that acts in accordance with applicable laws and industry standards to guard Personal Information against loss, destruction, misuse, improper disclosure, and unauthorized access or modification. These safeguards are routinely tested internally and periodically audited by Noble House’s IT Department. We make all reasonable efforts to ensure that Personal Information we collect is not altered in any way, or reprocessed in a way that makes it incompatible with the purpose for which it was originally collected.

USE
Our website is managed and operated from the United States in accordance with laws of the United States. Any visitors to our website should be aware that the laws of the U.S. may differ from those of your country of residence. If you are located outside of the U.S., the use of this website is at your own risk and you are responsible for compliance with any applicable laws. By using our website and/or providing us with your Personal Information, you consent to the transfers and processing of any Personal Information that you provide and understand that our website will handle your Personal Information in accordance with this Privacy Policy and U.S. law. Consequently, you hereby waive any claims that may arise under the laws and regulations that apply to you in any other country or jurisdiction.

GENERAL DATA PROTECTION REGULATION
On May 25, 2018, the General Data Protection Regulation (“GDPR”) began enforcement in the European Economic Area (EEA), the United Kingdom and Switzerland. The GDPR is a new data privacy regulation that applies to organizations that process personal data of EEA, UK and Swiss residents (“Data Subjects”), regardless of where those organizations are located. The law is the most significant change in data privacy regulation in the past 20 years, and Noble House has been working to prepare for its implementation.

What are the key GDPR requirements and what is Noble House doing to comply?
Obtain Opt-In Consent to Send Marketing Communications: GDPR requires that entities obtain consent from EEA, UK and Swiss Data Subjects before sending them marketing communications. Noble House has updated its method of data capture process to obtain consent from website visitors from countries other than the U.S.

Respond to GDPR Data Subject Rights Requests: GDPR grants certain rights to residents of the EEA, UK and Switzerland, including the right to access the data entities have about that Data Subject, the right to correct errors in the data, and the right to request that entities delete certain data. The entity responsible for responding to Data Subject rights requests is the entity that acts as a “Data Controller,” meaning the entity that determines how and why personal data is processed. Noble House has updated its Brand Standard Privacy Policy information to clarify when Noble House corporate, owned and managed properties, and franchised properties each act as a Data Controller and, therefore, have certain obligations pursuant to GDPR. You may email Noble House at GDPR@noblehousehotels.com to submit these requests.

By using our website you signify your consent and acceptance of this Privacy Policy. Our Privacy Policy is subject to change from time to time.

THIS PRIVACY POLICY WAS UPDATED ON June 12, 2018.