This privacy statement represents Sage Hospitality Group, for Sage Restaurant Concepts’ privacy policy, our CCPA policy or our GDPR policy, please scroll down.


Sage Hospitality Group has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this Web site.

This site contains links to other sites. These hotels are not responsible for the privacy practices or the content of such Web sites. This site uses a Booking Engine for its reservations. The data collected in these areas is subject to the privacy statements of this company.

At Sage Hospitality Group, the privacy and confidentiality of user information is important. We are committed to maintaining the privacy and security of your user information. Hotels will not disclose identifiable user information to any third party without consent.

Permission for Use:
We take the utmost care to ensure that the personal information we obtain from you is not used in a way that you may be unaware of or not agreeable to. You may wish to submit an information request about our Hotels, participate in one of our promotions or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.

Information collected on the Site may be used to:

  • Plan and purchase hotel accommodations
  • Enter your email in our promotions or sweepstakes
  • Send marketing communications or surveys to you
  • Respond to your questions or suggestions
  • Improve the quality of your visit to our site

Withdrawing Consent to Use:
If, after permitting use of your personal information, you later decide that you no longer want Hotels to include you on its mailing list or otherwise contact you, simply tell us by sending an e-mail, or by clicking on the “Unsubscribe” button at the bottom of our email communication to you.

Opt In Section:
Our site uses an email opt-in subscription form for customers to request information, products, and services. Within these forms, we collect visitor’s contact information (like their email address). Contact information from the form is used to send promotional material from our properties and selected partners to our customers. Customer contact information is also used to get in touch with the visitor when necessary. Users may opt-out of receiving future mailings.

We use your IP address to help diagnose problems with our server, and to administer our Web site. Your IP address is used to gather broad demographic information.

Disclaimer Section:
No permission is granted to use, or permit others to use, our branding , site address, trademarks and service marks, or other means to hyperlink other Internet sites with any page of this website, and our hotel company assumes no responsibility for any other party’s site hyperlinked to this site.


Sage Restaurant Concepts Privacy Policy

PRIVACY POLICY

At Sage Restaurant Concepts, the privacy and confidentiality of user information is important. We are committed to maintaining the privacy and security of your user information. We may update this policy from time to time, so please check here frequently. Sage Restaurant Concepts will not disclose identifiable user information to any third party without consent.

Sage Restaurant Concepts is committed to safeguarding your privacy while visiting our website and any of our restaurant websites (hereinafter collectively referred to as the “Site”). Our goal is to provide you with an Internet experience that delivers the information, resources and services that are most relevant to you. To achieve this goal, part of the operation of the Site includes the gathering of certain types of information about Site users. Because we understand that your privacy is important, we wish to explain the types of information we gather and the way in which we use it. This Privacy Policy applies to the Site.

This Privacy Policy covers two types of information gathered at the Site, personal and aggregated. The term “personal information” refers to data you voluntarily provide in connection with use of the Site that identifies you and/or the company on whose behalf you are accessing and using the Site. Personal information includes, e.g., data submitted in connection with our services, such as your name, e-mail address, phone number, company affiliation, physical address and/or certain other personal information. The term “aggregated data” refers to general information regarding visitors and users of the Site that relates to use of the Site, e.g., traffic patterns, number of visits to certain pages, visits from other web sites or to third-party web sites linked to the Site, use of particular services and interest in services, information or features of the Site or other parties made available through or found at the Site.

What information is collected about you? How do we use it

We take the utmost care to ensure that the personal information we obtain from you is not used in a way that you may be unaware of or not agreeable to. You may wish to submit an information request about our restaurants, participate in one of our promotions or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.

Information collected on the Site may be used to:

  • Make restaurant reservations
  • Enter your email in our promotions or sweepstakes
  • Send marketing communications or surveys to you
  • Respond to your questions or suggestions
  • Improve the quality of your visit to our site

All forms will provide an opt-out button to allow you to choose not to participate in lists and future online marketing. In deciding whether or not to join such lists, please note that they are only used for our purposes or in joint promotions with a restaurant partner. We do not sell, rent or share any of your personal information with any other party including any third-party joint promoters, nor use it for unapproved commercial purposes. You may request to be removed from our lists at any time. All emails distributed to our lists will contain easy, online access to unsubscribe.

Permission for Use

Sage Restaurant Concepts may collect and use personal information that you submit at the Site in any manner that is consistent with uses stated in this Privacy Policy or disclosed elsewhere at the Site at the point you submit such personal information. At the time you submit personal information or make a request, the intended use of the information you submit will be apparent in the context in which you submit it and/or because the Site states the intended purpose. By submitting personal information at the Site, you are giving your consent and permission for any use that is consistent with uses stated in this Privacy Policy or disclosed elsewhere at the Site at the point you submit such personal information, and such consent will be presumed by Sage Restaurant Concepts, unless you state otherwise at the time you submit the personal information. Please do not request any such communications on behalf of an individual or company if you are not authorized to make the request.

Secure Reservations

If you decide to make an online reservation at the Site, you will be linked to a reservation interface called OpenTable. While it appears to be part of our site, OpenTable is in fact provided by a third party and is governed by its privacy practices. We understand that security remains the primary concern of online consumers and have chosen OpenTable carefully. OpenTable, Inc., along with its subsidiaries or affiliated companies (“OpenTable”), is committed to safeguarding your privacy and upholding the highest levels of information security. To that end, the company adheres to the strictest consumer privacy guidelines and uses state-of-the-art security technology to protect any information you provide to and through OpenTable.

Protecting your information

We would like our Site visitors to feel confident about using the Site to plan their visit to our restaurants, so Sage Restaurant Concepts is committed to protecting the information we collect. Sage Restaurant Concepts has implemented a security program to keep information that is stored in our systems protected from unauthorized access.

Our Site is hosted in a secure environment. The Site servers/systems are configured with data encryption, or scrambling, technologies, and industry-standard firewalls. When you enter personal information during a customer email sign-up, your data is protected by Secure Socket Layer (SSL) technology to ensure safe transmission.

Withdrawing Consent to Use

If, after permitting use of your personal information, you later decide that you no longer want Sage Restaurant Concepts to include you on its restaurant mailing lists or otherwise contact you or use your personal information in the manner disclosed in this Privacy Policy or at the Site, simply tell us by sending an e-mail, or by clicking on the “Unsubscribe” button at the bottom of our email communication to you.

Use of Aggregated Data

Sage Restaurant Concepts is interested in improving the Site and may develop and offer new features and services. We monitor aggregated data regarding use of the Site for marketing purposes and to study, improve and promote use of the Site. In connection with such purposes, Sage Restaurant Concepts may share aggregated data with third parties collectively and in an anonymous way. Disclosure of aggregated data does not reveal personal information about individual Site users in any way that identifies who they are or how to contact them.

Exceptions to the Privacy Policy

Sage Restaurant Concepts has two exceptions to these limits on use of personal information:

  • Sage Restaurant Concepts may monitor and, when we believe in good faith that disclosure is required, disclose information to protect the security, property, assets and/or rights of Sage Restaurant Concepts from unauthorized use, or misuse, of the Site or anything found at the Site.
  • Sage Restaurant Concepts may disclose information when required by law; however, only to the extent necessary and in a manner that seeks to maintain the privacy of the individual.

Use of Cookies and Analytics

To enable features at the Site, Sage Restaurant Concepts may assign one or more “cookies” to your Internet browser. Cookies, among other things, speed navigation through our Site, keep track of information so that you do not have to re-enter it each time you visit our Site, and may provide you with customized content. A cookie is an Internet mechanism composed of a small text file containing a unique identification number that permits a web server to send small pieces of information or text by means of your browser and place them on your computer’s hard drive for storage. This text lets the web server know if you have previously visited the web page. Cookies by themselves cannot be used to find out the identity of any user.

We use cookies and/or analytics to collect and maintain aggregated data (such as the number of visitors) to help us see which areas are most popular with our users and improve and update the content on our site. While in the process of browsing our site, you also provide us with information that doesn’t reveal your personal identity. We use this aggregated data only as explained in this Privacy Policy. We do not connect aggregated data to any name, IP address, or other identifying information.

You may occasionally receive cookies from unaffiliated companies or organizations, to the extent they place advertising on our Site or are linked to the Site. These third-party cookies may collect information about you when you “click” on their advertising or content or link. This practice is standard in the Internet industry. Because of the way in which the Internet operates, we cannot control collection of this information by these third parties, and these cookies are not subject to this Privacy Policy.

Children’s Privacy & Parental Consent

Please be aware that Sage Restaurant Concepts has not designed this Site for, and does not intend for it to be used by, anyone under age 18. Accordingly, this Site should not be used by anyone under age 18. Our privacy policy prohibits us from accepting users who are under the age of 18. Sage Restaurant Concepts specifically requests that persons under the age of 18 not use this Site or submit or post information to the Site. Should Sage Restaurant Concepts inadvertently acquire personal information or other data from users under the age of 18, Sage Restaurant Concepts will not knowingly provide this data to any third party for any purpose whatsoever, and any subsequent disclosure would be due to the fact the user under age 18 used the Site and submitted personal information without solicitation by or permission from Sage Restaurant Concepts.

Links Provided To Other Sites

Sage Restaurant Concepts may provide links to a number of other web sites that we believe might offer you useful information and services. However, those sites may not follow the same privacy policies as Sage Restaurant Concepts. Therefore, we are not responsible for the privacy policies or the actions of any third parties, including without limitation, any web site owners whose sites may be reached through this Site, nor can we control the activities of those web sites. We urge you to contact the relevant parties controlling these sites or accessing their on-line policies for the relevant information about their data collection practices before submitting any personal information or other sensitive data.

Your Consent To This Privacy Policy

Use of the Site signifies your consent, as well as the consent of the company for whom you use the Site and whose information you submit (if any), to this on-line Privacy Policy, including the collection and use of information by Sage Restaurant Concepts, as described in this statement, and also signifies agreement to the terms of use for the Site. Continued access and use of the Site without acceptance of the terms of this Privacy Policy relieves Sage Restaurant Concepts from responsibility to the user.

Policy Modifications

Sage Restaurant Concepts reserves the right to change this Privacy Policy at any time; notice of changes will be published on this page. Changes will always be prospective, not retroactive. If you have questions about our policies, please contact us.


GDPR PRIVACY STATEMENT

If you are in the European Economic Area and we collect personal data relating to you in the context of the offering of goods or services, even if provided free of cost, or if we collect data when monitoring your behavior which takes place within the European Economic Area, your personal data will be subject to Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

In this Privacy Statement we, The Maven (“We”) will inform you about how we process and use personal data which is subject to the GDPR and on the specific rights you have in connection with your personal data which is subject to the GDPR.

Please note that this Privacy Statement applies only to personal data which is subject to the GDPR and therefore expressly does not apply to (a) data which is not personal data such as data on corporations or other legal entities, and (b) personal data not falling within the scope of the GDPR such as personal data of data subjects who are not in the European Economic Area.

Information on Use of Cookies and Similar Technologies

Processing in the Context of Visiting our Website

Information We Collect

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you except as disclosed below.

This processing will take place for the fulfilment of the existing contract of use with you, as far as it serves the purpose of the technical implementation of the website’s use (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR) and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We will assume that your interests do not conflict with this, because the measures described below are taken in order to limit processing to an appropriate degree.

We will also use the data described above to draw conclusions about your interests from your use and to adapt our website’s offerings according to your interests (profiling) in order to make our website as user-friendly, safe and attractive as possible and thus promote the sale of our products and services. We do this for the preservation of our aforementioned legitimate interests (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described below (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR). For further information please refer to the following Section.

Cookies, Analysis and Tracking

We use cookies, among other things, to process the data mentioned in the preceding Section. Cookies are files that are stored on your computer’s hard drive and are accessed by our server when you visit our website.

We use cookies and the analysis described in the preceding Section for the purposes set forth in in the preceding Section and for the preservation of our legitimate interest described therein (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described in below (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR):

Types of Cookies

There are two different types of cookies used:

Session Cookies: Also called transient cookies, are cookies that are temporarily stored in your browser for the duration of a browser session, and they typically will store information in the form of a session identification and no further information personally identifying you.

Persistent Cookies: Also called permanent or stored cookies, are cookies that are stored on your hard drive until they expire (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information, such as web surfing behavior or user preferences for a specific web site.

We employ the following types of cookies:

  • required Cookies
  • Functionality Cookies
  • Targeting / Advertising Cookies

These cookies are a mixture of first party cookies, which we set ourselves, and third-party cookies, which are set by other websites.

Cookie Functions

We use cookies across our websites to improve their performance and enhance your user experience. Cookies are used to provide the following functions:

Personalization – For example, your language preference is remembered.

Session Management – To ensure that your session is routed to the correct system for the duration of your visit.

Usage Tracking – We use cookies to provide analysis of our users’ on-going usage of the website. This allows us to adapt our website’s offerings according to our users’ interests and facilitates on-going improvements to the website.

AB Testing / Multivariate Testing – We can display multiple versions of a page to a user to assess which generates the best user experience.

Advertising – We can display advertising content depending on location, language, and your past browsing history.

Required Cookies

We use a number of cookies which are strictly necessary to allow you to access our websites, to move between pages and to receive services which you have requested. The types of data collected are:

  • session identifier
  • IP address, and information generated from anonymized IP address that includes
  • a computer host name
  • geographic location
  • time of visit
  • webpage URL
  • referring website
  • security tokens (for authentication and information submission, like RFP forms)

The following is an example of a strictly necessary cookie which we use:

Authentication Cookies: Provide an authentication method of a secure log-in.

Functionality Cookies

We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of selecting your language or currency every time you access the website and recall your customization preferences.

We utilize other cookies to analyze how our visitors use our websites and to monitor website performance. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.

The following is an example of a functionality cookie which we use:

Adobe Website Analytics: Refer to Adobe Analytics for more details.

Targeting / Advertising Cookies

We and our partners and advertisers use cookies to display advertisements that we believe are relevant to you and your interests.

We allow certain third party advertisers and partners to collect information about your use of the website through first and third-party cookies in order to serve adverts to you. They may also analyze this data in order to serve adverts to you on other third-party websites.

We also work with advertisers in order to display our advertisements on third party websites, based on cookies set on your visit to this website. Advertising/targeting cookies may also be used to track your responses to particular adverts, which helps advertisers ensure that you see the most relevant advertisements in future on third party websites.

The following is an example of a targeting/advertising cookie which we use:

  • DoubleClick: These cookies may also be used by advertisers to allow third parties to serve advertisements to you when you are on other sites. These ads may be adapted to be relevant to you based on your use of the website. This is done on an anonymized basis, using non-personally identifiable information.

The types of data used include online identifiers, including cookie identifiers, IP addresses and device identifiers, imprecise location data (based on your IP address) or precise location data (if you have set your system to allow transmission of geolocation information), and client identifiers.

Types of targeting enacted based on cookies include:

  • Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.
  • In-market: Show ads to users who have been searching for products and like-services.
  • Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using “custom intent audiences.”
  • Similar audiences: Target users with interests related to those on remarketing lists.
  • Remarketing: Target users that have already interacted with our ads, website, or app.

We do not control the information collected by such partners or advertiser in connection with our website or the further use of information we may provide to them for the aforementioned services, and they do not process such data on our behalf. Only the data protection policies of those third parties as the respective controllers of such data will apply to their processing of such data.

Please see the following sites for more information about specific advertisers and their data policies: [links to advertiser sites and data policies]

Cookie Consent

When you visit our website, you are notified of the use of cookies for tracking and analysis and asked to provide your express consent. The notice makes reference to the detailed explanations in this Privacy Statement.

You can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time. Please refer to your browser’s operating instructions to find out how this works. If you do not accept cookies, this can lead to restrictions in the use of our service.

Data Retention and Deletion

Log files are deleted after 120 days. Session cookies expire and are deleted at the end of your browser session. Persistent cookies may be set to expire from 30 days to 1 year depending on the function of the cookie. After expiry of those periods information will be deleted or made anonymous.

Use of Adobe Analytics

Our website uses Adobe Analytics, a web analysis service of Adobe Systems (https://www.adobe.com/about-adobe.html), 345 Park Avenue, San Jose, CA 95110-2704, USA (“Adobe“).

You can find further information on how Adobe uses information from sites or apps that use its services here:

https://www.adobe.com/privacy/marketing-cloud.html

Adobe Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how users use the site (see Section 4.1). The information generated by the cookie about your use of this website such as

  • browser type and version,
  • operating system of your computer,
  • referrer URL (i.e. the page last visited),
  • host name of accessing computer (IP address),
  • date and time of server request

is transferred to an Adobe server and stored there. In order to render the information stored on Adobe’s servers not personally identifying, we use Adobe Analytics with activation of the settings „Before Geo-Lookup: Replace visitor’s last IP octet with 0“. By activating „Before Geo-Lookup: Replace visitor’s last IP octet with 0“ we ensure that the user’s IP address is anonymized by replacing the last eight digits by zero prior to geo-localization. For statistical analysis the imprecise location of the user is added to the tracking package which includes the IP address.

Disabling and Opt-out: You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use this website’s full functionality. You can also prevent Adobe from collecting the data generated by the cookie and relating to your use of the website (including your IP address), from processing this data by following these instructions: https://www.adobe.com/privacy/opt-out.html#customeruse

We use Adobe Analytics for the purposes set forth and for the preservation of our legitimate interest described therein (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR).

HEBS Digital has concluded a contract processing agreement with Adobe Systems Ireland, Limited to ensure that personal data is processed only on our behalf and in accordance with our instructions. The contract processing agreement with Adobe contains guarantees for an adequate level of protection in the form of Adobe’s participation in the Privacy Shield Program.

Information on Other Processing Operations

Processing in the Context of Newsletters

If you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters(legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We will assume that your interests do not conflict with this, because the retention period is appropriate with respect to the interests to be protected.

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.

Processing in the Context of Registration or Use of the Contact Form

If you register on our website and create a user account (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary), all personal data collected in connection with this user account will be stored in this user account until you request to delete the user account or until we cancel the user account for the performance of our contractual relationship on use of the respective website or web service (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by your internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After de-registration of your user account, we will retain all data for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with our contractual relationship (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR). We will assume that your interests do not conflict with this because the retention period is appropriate with respect to the interests to be protected.

Our website contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter certain information which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis.

If you provide us with personal data via the user account or the contact form for a purpose beyond the use of the website or respective web service, such as sending us an offer or product information, we will also store and process this data for this purpose. In order to find more information on how we store and process such data, you will need to refer to the Section of this Privacy Statement that is pertinent to the respective purpose.

Information on (Categories of) Recipients

Operation of Website By HEBS Digital

Our website is operated on our behalf by HEBS Digital, One Penn Plaza, 48th Fl, New York, NY 10119, USA (“HEBS USA”). This means that our website (including your user account and registration information for newsletters) is physically hosted on servers operated for HEBS USA by Amazon Web Services, Inc. (“AWS”) located in the USA.

We have concluded a contract processing agreement with HEBS USA to ensure that the website is operated, and personal data is processed, only on our behalf and in accordance with our instructions. [The contract processing agreement contains guarantees for an adequate level of protection in the form of incorporation of the standard data protection clauses adopted by the Commission for this purpose.]

HEBS USA have similarly concluded a contract processing agreement with AWS to ensure that the website is hosted, and personal data is processed, only on its behalf and in accordance with its instructions.

General Information on Recipients, Categories of Recipients and Transfers

All of our servers and databases may be operated, maintained or further developed by additional processors or other contractors. They may have access to your data.

Where we store and process data for the performance of contracts, we may pass these data on to agents and contractors we employ for such performance (e.g. to carriers for transportation purposes).

Where we store and process data for communication with you, we may use additional processors or contractors in order to process or transmit electronic or paper correspondence with you (e.g. letter shops, mailing service providers), who will then have access to your data.

We will transfer your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obligated to do so (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR) or if we have a legitimate interest in averting coercive measures of such authorities, institutions or bodies within the scope of their legal responsibilities (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Such legally required or necessary transmissions are not the subject of this Privacy Statement.

Information on Retention Periods

You will need to inform the data subjects how long you will retain their data. This information could be provided as follows:

General Information on Retention Periods and Anonymization

We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.

Our data retention and deletion policy takes account of the principle that personal data should be retained for limited periods even after the storage purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defense of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).. We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.

Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified herein below. Otherwise customer data will be deleted after expiry of 1 year.

For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence, invoices, and other booking documentation for 7 years.

We will retain contract-related data and documents for 7 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.

If the term “erasure” or “deletion” is used in this Privacy Statement, we reserve the right to anonymize the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.

Anonymized data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymized data is not subject to the GDPR and is not the subject of this Privacy Statement.

Information on Data Subject Rights

Your Rights

You as the data subject have certain rights with regard to your personal data, which we will explain to you below:

Right of Access and Information (Art. 15 of the GDPR) – You have the right, where the statutory requirements are met, to request from us at any time, at no cost, confirmation as to whether personal data relating to you is being processed, a copy of this data and comprehensive information on this personal data. This right extends in particular, without limitation, to the purposes of processing, the categories of personal data being processed, the recipients, the storage period and the origin of the data.

Right to Rectification (Art. 16 of the GDPR) – You have the right to request us to rectify incorrect and incomplete personal data concerning you without delay, where the statutory requirements are met.

Right to be Forgotten (Art. 17 of the GDPR) – You have the right to demand from us the immediate deletion of personal data concerning you, where the statutory requirements are met, if, among other reasons, their storage is no longer necessary or unlawful, if you withdraw your consent on which their storage was based, if you have validly objected to their storage in accordance with below Sections, if we are obligated to delete them for any other reason or if the data were collected as part of a web service. If we have made the data public, in addition to deletion of the data, we must also inform other controllers in such cases that you have requested the deletion of this data and all references thereto, insofar as this is reasonable in view of the available technology and the implementation costs. The above obligation does not apply in certain exceptional cases, in particular storage for the purpose of establishing, exercising or defending legal claims.

Right to Restriction of Processing (Art. 18 of the GDPR) – You have the right to request us, where the statutory requirements are met, to restrict the processing of personal data relating to you, for example if you dispute their accuracy, the storage is no longer necessary or is unlawful and you still do not wish to have it deleted or if you have filed an objection to the processing (see below) as long as it has not yet been established whether our legitimate reasons outweigh yours.

Right to Data Portability (Art. 20 of the GDPR) – If automated processing of personal data occurs solely on the basis of your consent or to fulfil a contract with you or to implement pre-contractual measures, you have the right to require us, subject to statutory requirements, to make available the personal data in relation to yourself that you have provided to you or to a third party you designate, if this is technically feasible, in a structured, current and machine-readable format and not to impede its transfer to a third party.

Right of Objection (Art. 21(1) of the GDPR) – You have the right to require us, where the statutory requirements are met, to no longer process personal data relating to you which we process for the performance of a task which is in the public interest or for the protection of our legitimate interests or those of a third party, if you object to such processing for reasons which arise from your particular situation. In this case we must desist from further processing unless there are compelling grounds for processing which outweigh your interests or the processing is carried out for the establishment, exercise or defense of legal claims.

Right of Objection to Direct Marketing (Art. 21(2) of the GDPR) – You can object to the further processing of your personal data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

Automated Decisions (Art. 22 of the GDPR) – We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

Guarantees – To the extent that we indicate in this Privacy Policy that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from our designated representative within the EU.

Consents – If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection as described above). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).

Right to Lodge a Complaint – You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for our representative (See above).

Contact – You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our representative in the European Union also. You may be required to identify yourself to us as a data subject to exercise your rights.

Changes to this Privacy Statement

In the event of future changes to this Privacy Statement, you can retrieve old versions and information on the periods for which they were valid here.


California Online Privacy Policy 

Sage Hospitality Group (the “Company”) has developed this Privacy Policy out of respect for the privacy of our guests and visitors to our Website. This policy describes the personal information we collect, use, and disclose about individual guests and Website visitors who are California residents. This policy applies only to California residents who are natural persons; it does not apply to any entities (whether business, non-profit or governmental) or to any person who is not a California resident.

For California residents, this policy supplements and modifies, but does not replace, our general Privacy Policy, which can be accessed at this web address: https://www.sagehospitality.com/privacypolicy/

Whenever you visit our Website, we will collect some information automatically simply by you visiting and navigating through this site, and some information voluntarily when you submit information using a form on the Website, request information, or use any of the other interactive portions of our Website. Through this Website, we will collect information that can identify you and/or your activity.

Whenever you communicate, interact or do business with us, whether online or at any Company hotel, restaurant, store or location we will collect personal information from you or about you in the course of our interaction or dealings with you.

The Company may collect the following categories of personal information about you based on your specific transactions and interactions with the Company or its Website. For each category of information, we identify examples of the category, the business purposes for which we use the information in that category, the categories of sources from which the information is collected, and the categories of third parties with whom we have shared the information in the last 12 months.

Category of Personal Information Personal Identifiers & Contact Information
Examples Name, mailing address, email address, phone number
Business Purpose(s) for Which Information is Used ·  Responding to inquiries through Website; and

·  Verifying and responding to consumer requests.

Categories of Sources from Which Information Received Visitors of our Website
Categories of Third Parties to Whom Info Was Disclosed in Last 12 Months We do not share this information with any third party, unless required to do so by law or government agency or for the purpose of defending or prosecuting legal claims.

 

 

Category of Personal Information Purchasing history
Examples Date, cost, and types of transactions with the Company and its subsidiaries and affiliates
Business Purpose(s) for Which Information is Used ·  Improving the services provided to consumers; and

·  Delivering customized content or marketing to consumers.

 

Categories of Sources from Which Information Collected Visitors of our Website, hotels, restaurants, stores, and other locations.
Categories of Third Parties to Whom Info Was Disclosed in Last 12 Months We do not share this information with any third party, unless required to do so by law or government agency or for the purpose of defending or prosecuting legal claims.

 

Category of Personal Information Internet Activity
Examples Date and time of your visit to this Website; webpages visited; links clicked on the Website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; and cookies
Business Purpose(s) for Which Information is Used ·  Improving the Website experience for all visitors;

·  Understanding the demographics of our Website visitors;

·  Operating and maintaining the Website;

·  Detecting security incidents;

·  Debugging to identify and repair errors that impair existing intended functionality of the Website;

·  Delivering customized content or marketing to Website visitors; and

·  Verifying and responding to consumer requests.

Categories of Sources from Which Information Collected Visitors of our Website and the device and browser used to access the Website
Categories of Third Parties to Whom Info Was Disclosed in Last 12 Months We may share this information with our web analytics vendor. Otherwise, we do not share this information with any third party, unless required to do so by law or government agency or for the purpose of defending or prosecuting legal claims.

 

Category of Personal Information Visual data
Examples Video Surveillance
Business Purpose(s) for Which Information is Used ·  Maintaining the security of our business sites.
Categories of Sources from Which Information Received Visitors of our hotels, restaurants, spas and other retail locations.
Categories of Third Parties to Whom Info Was Disclosed in Last 12 Months We do not share this information with any third party, unless required to do so by law or government agency or for the purpose of defending or prosecuting legal claims.

 

Do we sell any of your personal information?

The Company does NOT and will not sell your personal information, including the data of any minors. We do not sell or otherwise trade the personal information that we collect from our site visitors at any point or under any circumstance.

Third-party vendors

The Company may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business transfers:

In the event the Company sells or transfers a particular portion of its business assets, consumer information may be one of the business assets transferred as part of the transaction. If substantially all of the assets of the Company are acquired, consumer information may be transferred as part of the acquisition.

Compliance with law/safety:

The Company may disclose specific personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect the users of our Website, the site itself, or the public.

Use of cookies and other tracking technologies

Cookies are small files that a Website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent (until deleted) basis (persistent cookies). Cookies may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons:

  • Compile data about site traffic to offer a better Website experience
  • Understand and save Website visitor preferences for future visits

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. However, there is currently no universal standard for sending and receiving DNT signals. Due to this lack of a universal standard, it would be impossible for us to promise that we will comply with all known and unknown DNT standards.

Therefore, we do not respond to DNT signals or other mechanisms that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. If a universal standard for DNT becomes available, we may revisit our DNT Policy.

External links:

Our Website contains links to other websites. The Company is not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the privacy policy of every website you visit via a link from our Website.

Children under the age of 16

Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on our Website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address below.

Your Rights as a California Consumer

If you are a California resident, you have the following rights:

  1. Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected, disclosed or sold about you in the last 12 months, (2) the categories of sources from which the personal information was collected, (3) the business purpose for which we use this information, and (4) the categories of third parties with whom we share or have shared your personal information in the last 12 months;

 

  1. Right to Access. The right to request, up to 2 times in a 12-month period, that we provide you access to or disclose to you, free of charge, the specific pieces of personal information we have collected about you in the last 12 months;

 

  1. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;

 

  1. Right to Opt-Out. The right to opt-out of the sale of your personal information to third parties;

 

  1. The right to designate an authorized agent to submit one of the above requests on your behalf; and

 

  1. The right to not be discriminated against in receiving different or less favorable pricing, service or financial incentive for exercising any of the above rights.

You can submit any of the above types of consumer requests by any of the 2 options below:

  1. Submit an online request via email at ccpaprivacy@sagehospitalitygroup.com
  2. Call our toll-free consumer privacy line at (833)-700-2444

How we will verify that it is really you submitting the request:

When you submit a Right to Know, Right to Access, or Right to Delete consumer request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, address, email, phone number, last 4 digits of your SSN and your date of birth. In addition, our third-party identity verification provider may require your authorization to access details about your credit card transactions. If your sole interaction with us was as a website visitor, then in order to verify your identify, we will need to ask you to provide your name, email, and phone number.

Responding to your Right to Know, Right to Access, and Right to Delete requests

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days or 90 days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Responding to your consumer request to opt-out of the sale of your personal information

The Company does NOT and will not sell your personal information, including the data of any minors. We do not sell or otherwise trade the personal information that we collect from our site visitors at any point or under any circumstance.

How to authorize an agent to act on your behalf

You can authorize someone else as an Authorized Agent who can submit a consumer request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized Power of Attorney or (b) provide other written authorization that we can then verify. When we receive a consumer request submitted on your behalf by an Authorized Agent, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your Authorized Agent.

Consent to Terms and Conditions

By using this Website, you consent to all Terms and Conditions expressed in this Privacy Policy.

Changes

From time to time we may modify and/or update this Privacy Policy and so we encourage you to check back on a regular basis to determine if any changes have been made.

Questions About the Policy

If you have any questions about this privacy policy, email ccpa@sagehospitalitygroup.com or call (883)- 700-2444.

This policy was last updated July 21, 2020.