ONLINE PRIVACY POLICY

Sage Hospitality Group together with its affiliated entities (including restaurants, hotels, and spas) and except as noted below (collectively, the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our websites, job applicants, and independent contractors. This policy describes the personal information we collect, use, process, and disclose about individual consumers, applicants, and contractors who visit or interact with our websites, visit any of our affiliated hotels, restaurants, spas, offices and locations, purchase or inquire about any of our products or services, contract with the Company or any affiliated entity to provide services, apply for a position of employment with the Company or any affiliated entity, or otherwise interact or do business with us. This policy does not apply to any affiliated entity’s website, where the affiliated entity’s website is not managed by Sage Hospitality Group.

If you are in the European Economic Area (EEA), please see the GDPR privacy statement that went into effect on May 25, 2018.

Whenever you visit our websites, we will collect some information from you automatically simply by you visiting and navigating through our sites, and some voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our websites. Through our websites, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact or do business with us, whether online or at any of our locations, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

In this policy, the meaning of “personal information” depends on your state of residency: if you reside in California, “personal information” has the meaning of “personal information”, as defined in the California Consumer Privacy Act (“CCPA”); if you reside in Colorado, “personal information” has the meaning of “personal data” as defined in the Colorado Privacy Act (“CPA”); if you reside in Oregon, “personal information” has the meaning of “personal data” as defined in the Oregon Consumer Privacy Act (“OCPA”); if you reside in Texas, “personal information” has the meaning of “personal data” as defined in the Texas Data Privacy and Security Act (“TDPSA”); and if you reside in Virginia, “personal information” has the meaning of “personal data” as defined in the Virginia Consumer Data Protection Act (“VCDPA”).

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or any affiliated entity, or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to yourprivacy@sagehospitalitygroup.com.

 

Collection and Processing of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our websites, we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. The term “sold” in the table below refers to disclosure of personal information of residents of California, Colorado, Texas, or Oregon in exchange for valuable consideration. The Company does not “sell” the personal information of residents of Virginia for monetary consideration.

Category: Personal Identifiers

Examples: Name, alias, social security number, and date of birth.

Disclosed in Last 12 Months To: Government agencies; Transaction support vendors (e.g., payment processors); Marketing support vendors; Applicant tracking and talent management systems; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information, Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications; To improve user experience on our website; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; To verify and respond to consumer requests; To prevent identity theft; Tax document reporting; Processing customer payments; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Monitor security controls for electronic networks; Perform background checks;

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If included in documents encompassed by another category, longest applicable retention period for another category as set forth in this table; If you are a job applicant and are hired by the Company, then name will be retained permanently, and the rest will be retained for duration of employment plus 6 years. If you are not hired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer; If you are an independent contractor, this data will be retained for duration of our relationship with you plus 4 years; For all other relationships: duration of our relationship with you plus 7 years.

 

Category: Contact Information

Examples: Home, postal or mailing address, email address, home phone number, cell phone number.

Disclosed in Last 12 Months To: Government agencies; Financial institutions; Marketing support vendors; Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators; Communication support vendors

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; To verify and respond to consumer requests; Tax document reporting.

Processing customer payments; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Monitor security controls for electronic networks; Perform background checks; To fulfill or meet the purpose for which you provided the information; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Perform background checks; Access internet at our properties.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If included in documents encompassed by another category, longest applicable retention period for another category as set forth in this table; If you are a job applicant and are hired by the Company, then name will be retained permanently, and the rest will be retained for duration of employment plus 6 years. If you are not hired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer; If you are an independent contractor, this data will be retained for duration of our relationship with you plus 4 years; For all other relationships: duration of our relationship with you plus 7 years.

 

Category: Account Information

Examples: Username and password for Company accounts and systems (including where a job applicant or candidate must create an account to apply for a job), and any required security or access code, password, or credentials allowing access to your Company accounts.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To grant access to Company accounts and systems; Ensure security of Company data accessed through Company account and systems

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For independent contractors, Username: contract term plus 90 days; Password or security code: while in use. Otherwise, Username: permanent; Password or security code: while in use.

 

Category: Protected Classifications

Examples: Race, sex, gender, age, disability, medical condition, military status, and familial status.

Disclosed in Last 12 Months To: Government agencies; Marketing support vendors

We May Collect, Process and Disclose for the Following Business Purposes: Reporting applicant demographics to government agencies; Marketing activities

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Duration of our relationship with you plus 4 years. This data is not collected from or about job applicants (unless required by law or government contract).

 

Category: Commercial Transactional Data

Examples: Information regarding products or services provided, purchasing history.

Disclosed in Last 12 Months To: Financial institutions; Transaction support vendors (e.g., payment processors); Reservation and marketing support vendors.

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To verify and respond to consumer requests; Processing customer payments.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 7 years after transaction, unless necessary to maintain for product warranty, OSHA or other regulatory compliance.

 

Category: Internet, Network, and Computer Activity

Examples: Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; whether accessing from a mobile device; and internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history.

Disclosed in Last 12 Months To: Marketing support vendors ; Data analytics vendors; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To process for targeted advertising; To improve user experience on our website; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; Monitor security controls for electronic networks; Access internet at our properties.

Sold or Shared in Last 12 Months To Sold to: website data analytics vendors; Shared (for cross-context behavioral advertising) with: internet marketing vendors.

Retention Period: For independent contractors, duration of our relationship with you plus 4 years. Otherwise, 3 years.

 

Category: Geolocation Data

Examples: IP address and/or GPS location (latitude & longitude).

Disclosed in Last 12 Months To: Marketing support vendors; Data analytics vendors; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; provide interest-based advertising; To process for targeted advertising; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; Monitor security controls for electronic networks.

Sold or Shared in Last 12 Months To Sold to: website data analytics vendors; Shared (for cross-context behavioral advertising) with internet marketing vendors

Retention Period: 3 years

 

Category: Online Portal and Mobile App Access and Usage Information

Examples: Username and password, account history, usage history, file access logs, security clearance level, and any information submitted through the account.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To grant access to Company accounts and systems; Ensure security of Company data accessed through Company account and systems; To improve user experience on our website.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Username kept indefinitely; passwords while in use; rest for 3 years.

 

Category: Visual, Audio or Video Recordings

Examples: Your image when recorded or captured in surveillance camera footage.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants; Government agencies.

We May Collect, Process and Disclose for the Following Business Purposes: To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Surveillance video: 45-90 days.

 

Category: Inferences

Examples: Based on analysis of the personal information collected, we may develop inferences regarding employees’ preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of employment and management decisions related to staffing, assignments, responsibilities, team composition, hiring, promotion, demotion, and termination, among other things.

Disclosed in Last 12 Months To: Not applicable.

We May Collect, Process and Disclose for the Following Business Purposes: Marketing and sales activities; Evaluate applicants for potential hire.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For job applicants, if hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. Otherwise, duration of our relationship with you plus 7 years.

Category: Pre-Hire Information (For Job Applicants) / Pre-Contract Information (For Independent Contractors)

Examples: Information provided in your job application or resume, information gathered as part of background screening and reference checks, pre-hire drug test results, job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, and voluntary disclosures by you.

Disclosed in Last 12 Months To: Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate applicants for potential hire; Conduct background checks.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For job applicants, if hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. For independent contractors, duration of our relationship with you plus 4 years.

 

Category: Employment and Education History (For Job Applicants)

Examples: Information contained in job applicants’ resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.

Disclosed in Last 12 Months To: Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate applicants for potential hire;Conduct background checks.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.

 

Category: Professional-Related Information (For Independent Contractors)

Examples: Information on independent contractors contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work.

Disclosed in Last 12 Months To: Government agencies; Financial institutions; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate contractors for potential hire; Tax reporting requirements; Contracting with and payment to contractors.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For independent contractors, duration of our relationship with you plus 4 years.

 

Category: Facility & Systems Access Records

Examples: Information identifying you if you accessed our secure facilities, systems, networks, computers, and equipment and at what times using their keys, badges, or other security access method.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: Grant access to facilities and systems; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 2 years

 

Category: Medical and Health Information

Examples: Information related to symptoms, exposure, contact tracing, pandemics, or other public health emergency.

Disclosed in Last 12 Months To: Not Disclosed

We May Collect, Process and Disclose for the Following Business Purposes: To reduce the risk of spreading infectious diseases in or through the workplace; To protect job applicants, independent contractors, and other consumers from exposure to infectious diseases (e.g., COVID-19); To comply with local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements; To facilitate and coordinate pandemic-related initiatives and activities (whether Company-sponsored or through the U.S. Center for Disease Control and Prevention, other federal, state and local governmental authorities, and/or public and private entities or establishments, including vaccination initiatives); To identify potential symptoms linked to infectious diseases, pandemics, and outbreaks (including through temperature checks, antibody testing, or symptom questionnaire); To permit contact tracing relating to any potential exposure to infectious diseases; To communicate with job applicants, independent contractors, and other consumers regarding potential exposure to infectious diseases (e.g., COVID-19) and properly warn others who have had close contact with an infected or symptomatic individual so that they may take precautionary measures, help prevent further spread of the virus, and obtain treatment, if necessary.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 2 years. Job Applicants: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.

 

For job applicants and contractors that are residents of California, we may collect your personal information (including the categories described in the above tables) for the following additional business purposes:

1.     JOB APPLICANT PURPOSES:

a.     To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.

b.     To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.

c.     To evaluate your job application and candidacy for employment.

d.     To obtain and verify background check and references.

e.     To communicate with you regarding your candidacy for employment.

f.      To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you are applying for.

g.     To keep your application on file even if you did not get the job applied for, in case there is another position for which we want to consider you as a candidate even if you do not formally apply.

h.     To evaluate and improve our recruiting methods and strategies.

i.      To engage in lawful monitoring of job applicant activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.

j.      To engage in corporate transactions requiring review or disclosure of job applicant records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.

k.     To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.

l.      To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

m.   To reduce the risk of spreading infectious diseases in or through the workplace.

2.     INDEPENDENT CONTRACTOR AND BUSINESS-TO-BUSINESS PURPOSES:

a.     To fulfill or meet the purpose for which you provided the information.

b.     To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).

c.     To engage the services of independent contractors and compensate them for services.

d.     To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.

e.     To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.

f.      To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.

g.     To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.

h.     To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

i.      To reduce the risk of spreading infectious diseases in or through the workplace.

State Of Residency: California

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal Identifiers (social security number); Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account); Protected Classifications (Race, sex, gender, age, disability, medical condition, military status, or familial status.); Medical and Health Information Geolocation Data (IP address and/or GPS location, latitude & longitude.

Personal Information or Personal Data does not include: Publicly available information from government records; Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media; Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience; Deidentified or aggregated information.

 

State of Residency: Colorado

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status

Personal Information or Personal Data does not include: De-identified data or; Publicly available information.

 

State of Residency: Oregon

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Reveals a consumer’s race, sex, gender, age, disability, medical condition, military status, or familial status; Accurately identifies within a radius of 1,750 feet a consumer’s present or past location, or the present or past location of a device that links or is linkable to a consumer by means of technology that includes, but is not limited to, a global positioning system that provides latitude and longitude coordinate. This does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.

Personal Information or Personal Data does not include: Data that is lawfully available through federal, state or local government records or through widely distributed media; Data that a controller reasonably has understood to have been lawfully made available to the public by a consumer.

 

State of Residency: Texas

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status; Precise geolocation data.

Personal Information or Personal Data does not include: De-identified data; Publicly available information.

 

State of Residency: Virginia

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status; Precise geolocation data.

Personal Information or Personal Data does not include: De-identified data; Publicly available information.

 

We May Collect Your Personal Information From The Following Sources:

·      You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you enter into a contract to perform services for us, or when you apply for a position of employment.

·      Our employees and contractors, when you interact with them.

·      Other customers and visitors, when you interact with them or when they observe you.

·      We utilize cookies to automatically collect information about our website visitors.

·      Surveillance cameras at our physical locations.

·      Background screening companies.

·      Recruiters and staffing agencies.

·      Career sites or platforms like LinkedIn and Indeed.

·      Social media platforms.

·      Personal references and former employers.

·      Company-issued computers and electronic devices.

·      Company systems, networks, software applications, and databases you log into or use.

·      Personal references and former employers (if you are a job applicant)

·      Schools, universities, or other educational institutions which you attended (if you are a job applicant)

 

We do NOT sell or share your personal information in exchange for monetary consideration. However, excluding job applicants and independent contractors, if you are a resident of California, Colorado, Oregon, or Texas, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

We May Sell or Share Your Personal Information For The Following Business or Commercial Purposes:

·      To provide interest-based and targeted advertising.

·      To receive data analytics services regarding our website traffic.

 

Other than these two exceptions, we do not and will not disclose your personal information to any third party in exchange for other valuable consideration or share your personal information for cross-context behavioral advertising.

Notice Of Right Of California Residents To Opt-Out Of The Selling And Sharing Of Your Information

While we do not sell or share your personal information in exchange for money, we may sell or share your personal information (excluding applicants and independent contractors) for other valuable consideration. You have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for other valuable consideration, you can do any of the following:

 

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com;

·      Visit the Company’s website at: www.sagehospitalitygroup.com. Click on “Your California Privacy Rights” to be taken to an online submission form;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      You can use a Global Privacy Controls (GPC) signal. We will process opt-out preferences from GPC signals, which are in formats commonly used and recognized by businesses, such as an HTTP field header, as requests to opt-out of sale or sharing. The GPC signal opt-out will only apply to the browser you are using on your device; it will not apply to other browsers and/or devices to which GPCs are not activated or to offline sales;

·      If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may call our toll-free privacy line at (883)700-2444 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to us. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

 

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Notice of Rights of Colorado Residents Regarding Processing of Sensitive Data and Right to Opt-Out Of The Sale Of Personal Information and Processing Of Personal Information For Targeted Advertising

As provided by the Colorado Privacy Act (CPA), we do not process your sensitive data without obtaining your consent. We do not process sensitive data concerning a known child without processing such data in accordance with the federal Children’s Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

 

Additionally, you have the right to opt out of the sale of your Personal Information to third parties, the use of your Personal Information for targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. You may exercise your right to opt out without fear of discrimination for doing so. To exercise your right to opt out of the sale of your Personal Information and the use of your Personal Information for targeted advertising, you can do any of the following:

 

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      If you are unable to submit a request to opt-out through any of the above methods, please call our toll-free privacy line at (883)700-2444 for assistance and a representative will assist in meeting your needs.

 

A request to opt out must be a verifiable request. We may deny a request to opt out if we are unable to authenticate the request through commercially reasonable efforts, or we may ask for additional information that is reasonably necessary to authenticate the request. This request to opt out does not apply to job applicants or independent contractors.

Notice of Rights of Virginia Residents Regarding Processing of Sensitive Data And Right to Opt Out of the Sale Of Personal Information and Processing Of Personal Information For Targeted Advertising

As provided by the Virginia Consumer Data Protection Act (“VCDPA”), we do not process your sensitive data without obtaining your consent. We do not process sensitive data concerning a known child without processing such data in accordance with the federal Children’s Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

Additionally, you have the right to opt out of the sale of your Personal Information to third parties, the use of your Personal Information for targeted advertising. You may exercise your right to opt out without fear of discrimination for doing so. To exercise your right to opt out of the sale of your Personal Information, the use of your Personal Information for targeted advertising, you can do any of the following:

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com.

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      If you are unable to submit a request to opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

A request to opt out must be a verifiable request. We may deny a request to opt out if we are unable to authenticate the request through commercially reasonable efforts, or we may ask for additional information that is reasonably necessary to authenticate the request. This request to opt out does not apply to Virginia job applicants or independent contractors.

Opt-Out Preference Signals

Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) or Universal Opt-Out Mechanism (UOOM) are user-enabled opt-out preference signals. We will process opt-out preferences from GPC and UOOM signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat a consumer’s use of GPCs or UOOMs as, for California residents, a valid request to opt-out of the selling and sharing of information for that browser, and, for Colorado residents, a valid request to request to opt out of sale and processing for purposes of targeted advertising for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs or UOOMs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOMs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs or UOOMs.

For California Residents, We Do And Will Use Or Disclose Your Sensitive Personal Information For Purposes Other Than The Following:

1.              To perform the services reasonably expected by an average consumer who requests those services;

2.              To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;

3.              To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions;

4.              To ensure the physical safety of natural persons;

5.              For short-term, transient use;

6.              To perform services on our behalf;

7.              To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company;

8.              For purposes that do not involve inferring characteristics about the consumers, contractors, and applicants.

 

Notice of Rights of California Residents to Limit The Use of Your Sensitive Personal Information

As provided by the California Privacy Rights Act, you have the right to limit our use or disclosure of your sensitive personal information to uses that are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those services or goods. You have the full and free right to limit our use or disclosure of your sensitive personal information as defined by the California Privacy Rights Act. You may exercise your right to limit without fear of discrimination for doing so. To limit the use or disclosure of your sensitive personal information, you can do any of the following:

 

·      To submit an online request to limit email us at yourprivacy@sagehospitalitygroup.com.

·      Visit the Company’s website at: www.sagehospitalitygroup.com. Click on “Your California Privacy Rights” to be taken to an online submission form;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

You can have an authorized agent submit a request to limit on your behalf. To submit a request to limit through use of an authorized agent you must provide that agent with written permission signed by you to submit an opt-out on your behalf. The authorized agent may call our toll-free privacy line at (883)-700-2444 to make the request to limit and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to us. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

A request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Retention Of Personal Information

We will retain each category of personal information in accordance with our established data retention schedule as indicated above. Some of the retention periods in the retention schedule above are measured from a particular point in time that has not occurred yet, such as the end of employment or end of a relationship (whether business, contractual, or transactional) plus a certain number of years. Where no particular event is defined in the retention schedule as the point from which the retention period is measured, we will measure the retention period from either (1) the date the record or data was collected, created, or last modified, (2) the date of the particular transaction to which the record or data pertains, or (3) another triggering event that is determined to be reasonable and appropriate based on the nature of the data and the legal/business needs for its continued use.

In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third-party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance With Law/Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use Of Cookies And Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent (until deleted) basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons:

·      Provide you with services available through the website and to enable you to use some of its features;

·      Authenticate users and prevent fraudulent use of user accounts;

·      Identify if users have accepted the use of cookies on the website;

·      Compile data about website traffic and how users use the website to offer a better website experience;

·      Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website;

·      Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website.

 

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the Website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our Website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

·      Safari

·      Opera

·      Internet Explorer

·      Google Chrome

·      Mozilla

 

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. It is an older proposed standard than a GPC or UOOC. The Company does not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOCs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services, and we encourage users who have DNTs to use GPCs or UOOCs.

External Links

Our website contain links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under The Age Of 16

Our website is not intended for children under 16 years of age. No one under age 16 may provide any personal information on the website. We do not knowingly collect, sell or share any personal information of children under 16. If you are under 16, do not use or provide any information on our website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address below.

How We Protect The Information That We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

·      We keep automatically collected data and voluntarily collected data separate at all times;

·      We use internal encryption on all data stores that house voluntarily captured data;

·      We use commercially reasonable tools and techniques to protect against unauthorized access to our systems;

·      We restrict access to private information to those who need such access in the course of their duties for us.

·      HTTPS, only TLS 1.2, is adopted for data transferring.

 

For Applicable Individuals as Discussed in the Below State-Specific Sections on Consumer Rights, You Can Submit Any Of The Below Types Of Consumer Rights Requests Through Any Of These 4 Options:

·      Submit an online request by emailing us at yourprivacy@sagehospitalitygroup.com;

·      Call our privacy toll-free line at (883)-700-2444;

·      Complete a paper form, which can be requested by writing to us at Sage Hospitality Group, 1575 Welton Street, Suite 300, Denver, CO 80202, Attention: Director IT Security to request a paper submission form.

·      Complete a paper form, which can be requested by inquiring with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper submission form;

For California Residents

This section of the Privacy Policy applies only to California residents who are natural persons. If you are a California resident, you have the following rights pursuant to the California Consumer Privacy (CCPA) as amended by the California Privacy Rights Act (CPRA):

1.     CCPA/CPRA Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information, (5) as applicable, the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose;

2.     CCPA/CPRA Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period;

3.     CCPA/CPRA Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;

4.     CCPA/CPRA Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

5.     CCPA/CPRA Right to Opt-Out. The right to opt-out of the selling or sharing of your personal information to third parties (as applicable);

6.     CCPA/CPRA Right to Limit. The right to limit the use or disclosure of your sensitive personal information; we maintain about you;

7.     The CCPA/CPRA right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent;

8.     The CCPA/CPRA right to not be discriminated or retaliated against for exercising any of the above rights, including for California residents an applicant’s and independent contractor’s right not to be retaliated against for exercising the above rights.

 

How We Will Verify That It Is Really You Submitting The Request:

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us.

 

Responding To Your Right To Know, Right To Access, And Right To Delete Requests

For California residents, upon receiving a verifiable request, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For California residents, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding To A California Resident’s Request To Opt-Out Of The Selling Or Sharing Of Your Personal Information

We will act upon a consumer request from a California resident to opt-out within fifteen (15) days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

 

A request to opt-out by a California resident need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding To A California Resident’s Request To Limit The Use Of Sensitive Personal Information

For California residents, we will act upon a request to limit the use of sensitive personal information within fifteen (15) business days of its receipt. We will notify all third parties that use or disclose sensitive personal information of your request to limit and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

For California residents, a request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have An Authorized Agent

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

California Shine The Light:

The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email yourprivacy@sagehospitalitygroup.com, or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.

For Colorado Residents

This section of the Privacy Policy applies only to Colorado residents who are natural persons acting in an individual or household context, and acting outside a commercial or employment context, such as a job applicant. If you are a Colorado resident acting in an individual or household context, you have the following rights under the Colorado Privacy Act (CPA):

 

1.     Right to Opt-out. For Colorado residents, the right to opt-out of the processing of Personal Information for purposes of: (i) targeted advertising or (ii) the sale of Personal Information;

2.     Right of access. For Colorado residents, the right to confirm whether we are processing Personal Information concerning you and to access the your Personal Information;

3.     Right to correction. For Colorado residents, the right to request that we correct inaccurate Personal Information (to the extent such an inaccuracy exists) that we maintain about you;

4.     Right to deletion. For Colorado residents, the right to delete Personal Information concerning you;

5.     Right to data portability. For Colorado residents, up to two (2) times per calendar year, the right to have requested data under the right to access provided in a portable and, to the extent technically feasible, readily usable format.

6.     The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE CPA

For Colorado residents, under the CPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883) 700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions, or inform you of a 60 day extension and the reasons for the extension. If the appeal is denied, we will also provide you with a method through which you may contact the Colorado Attorney General to submit a complaint. (This appeal process does not apply to Colorado job applicants or independent contractors.)

For Oregon Residents

This section of the Privacy Policy applies only to Oregon residents who are natural persons. If you are an Oregon resident, you have the following rights pursuant to the Oregon Consumer Privacy Act (OCPA):

 

1.     Right to Know. The right to request that we identify to you (1) whether we are processing or have processed your personal information, and (2) the categories of personal information we have collected about you.  We have the discretion of whether to provide a list of specific third parties (that are non-natural persons) we disclosed your personal data or any personal data;

2.     Right to Access. The right to request that we disclose to you, a copy of the specific pieces of personal information we are or have processed about you.  To the extent it is technically feasible, we will provide such information in a readily usable format;

3.     Right to Delete. The right to request that we delete personal information that we collected from you, subject to certain exceptions;

4.     Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

5.     Right to Opt-Out. The right to opt-out of the processing of your personal information for the purposes of targeted advertising or sale of personal data;

6.     The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and

7.     The right to not be discriminated or retaliated against for exercising any of the above rights, including the denial of goods or services, being charged different prices or rates, or being provided a different level of quality or selection of services.

 

How We Will Verify That it is Really You Submitting the Request

If you are an Oregon resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.

Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request from an Oregon resident, we endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is your second or any other subsequent requests made in a 12-month period. No fee will be placed on any requests to correct or delete.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to Your Request to Opt-Out of the Selling or Sharing of Your Personal Information

We will act upon a consumer request to opt-out within forty-five (45) days of its receipt. We will notify all processors and third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have an Authorized Agent:

If you are an Oregon resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE OCPA

For Oregon residents, under the OCPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Oregon Attorney General to submit a complaint. (This appeal process does not apply to Oregon job applicants or independent contractors.)

For Texas Residents

This Section describes the Consumer Rights available to Texas Residents under the Texas Data Privacy and Security Act (“TDPSA”), Tex. Bus. & Comm. Code §§ 541.001-541.205. Rights described in this section apply only to an individual who is a resident of Texas acting only in an individual or household context and specifically excludes an individual acting in a commercial or employment context.

If you are a Texas Resident, the TDPSA provides the following rights:

·      Right to Know/Access: You have the right to confirm whether we are processing your personal data and, if so, you are entitled to make such a request at least twice annually free of charge, unless we find your request is manifestly unfound, excessive, or repetitive. In such a case, we may charge you a reasonable fee to cover the administrative cost of complying with your request or decline to act on the request.

·      Right to Correct: You have the right to correct inaccuracies in your data, taking into account the nature of your personal data and purposes for which we process it.

·      Right to Delete: You have the right to request deletion of your personal data you provided to us or which we obtained about you as a consumer.

·      Right to Data Portability: If your personal data is available in digital format, you are entitled to obtain a copy of your personal data that you previously provided to us in portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hinderance.

·      Right to Opt-Out: You have the right to opt-out of processing of your personal data for the purposes of targeted advertising or the sale of personal data.

·      Nondiscrimination: The TDPSA prohibits discrimination against a consumer for exercising any of the consumer rights contained in the Act, including by denying goods or services, charging different prices or rates for goods or services, or providing a different level of quality of goods or services to the consumer.

·      Appeal: The TDPSA provides that you have the right to appeal any refusal we make to take action on a consumer request you submit to us in connection with your rights under the Act.

 

Responding To Your Right To Know, Right To Access, And Right To Delete Requests

For Texas residents, upon receiving a verifiable request, we will confirm receipt of the request no later than 45 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For Texas residents, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE TDPSA

For Texas residents, under the TDPSA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)-700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Texas Attorney General to submit a complaint. (This appeal process does not apply to Texas job applicants or independent contractors.

For Virginia Residents

This section of the Privacy Policy applies only to Virginia residents who are natural persons acting in an individual or household context.

If you are a Virginia resident acting in an individual our household context, you have the following rights under the Virginia Consumer Data Protection Act (VCDPA):

·      Right to Know. The right to request, up to 2 times annually, confirmation of whether or not we are processing your Personal Information;

·      Right to Access. The right to request, up to 2 times annually, that we disclose to you, free of charge, the specific pieces of Personal Information we are processing about you;

·      Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;

·      Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

·      Right to Opt-Out. The right to opt-out of the processing of Personal Information for purposes of: (i) targeted advertising or (ii) the sale of Personal Information;

·      The right to not be discriminated or retaliated against for exercising any of the above rights.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE VCDPA

For Virginia residents, under the VCDPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)-700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Virginia Attorney General to submit a complaint. (This appeal process does not apply to Virginia job applicants or independent contractors.)

How We Will Verify That it is Really You Submitting the Request

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct or Right to Opt out request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us.

Responding to Your Right to Know, Right to Access, Right to Delete, Right to Correct Requests

For Virginia residents, we endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

For Virginia residents, we do not charge a fee for up to 2 requests annually, unless the requests are manifestly unfounded, excessive, or repetitive, in which case we may charge you a reasonable fee to cover the administrative costs of complying with the requests, or we may decline to act on the request.

 

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to a Virginia Resident’s Request to Opt-Out of Targeted Advertising and Selling of Personal Information

We endeavor to respond to a verifiable request to opt-out within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

Consent To Terms And Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes To Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About The Policy

This website is owned and operated by the Company. If you have any questions about this privacy policy, please contact us at yourprivacy@sagehospitalitygroup.com or call (883)-700-2444.

 

**This policy was last updated January 16, 2024.ONLINE PRIVACY POLICY

Sage Hospitality Group together with its affiliated entities (including restaurants, hotels, and spas) and except as noted below (collectively, the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our websites, job applicants, and independent contractors. This policy describes the personal information we collect, use, process, and disclose about individual consumers, applicants, and contractors who visit or interact with our websites, visit any of our affiliated hotels, restaurants, spas, offices and locations, purchase or inquire about any of our products or services, contract with the Company or any affiliated entity to provide services, apply for a position of employment with the Company or any affiliated entity, or otherwise interact or do business with us. This policy does not apply to any affiliated entity’s website, where the affiliated entity’s website is not managed by Sage Hospitality Group.

If you are in the European Economic Area (EEA), please see the GDPR privacy statement that went into effect on May 25, 2018.

Whenever you visit our websites, we will collect some information from you automatically simply by you visiting and navigating through our sites, and some voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our websites. Through our websites, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact or do business with us, whether online or at any of our locations, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

In this policy, the meaning of “personal information” depends on your state of residency: if you reside in California, “personal information” has the meaning of “personal information”, as defined in the California Consumer Privacy Act (“CCPA”); if you reside in Colorado, “personal information” has the meaning of “personal data” as defined in the Colorado Privacy Act (“CPA”); if you reside in Oregon, “personal information” has the meaning of “personal data” as defined in the Oregon Consumer Privacy Act (“OCPA”); if you reside in Texas, “personal information” has the meaning of “personal data” as defined in the Texas Data Privacy and Security Act (“TDPSA”); and if you reside in Virginia, “personal information” has the meaning of “personal data” as defined in the Virginia Consumer Data Protection Act (“VCDPA”). 

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or any affiliated entity, or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to yourprivacy@sagehospitalitygroup.com.

 

Collection and Processing of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our websites, we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. The term “sold” in the table below refers to disclosure of personal information of residents of California, Colorado, Texas, or Oregon in exchange for valuable consideration. The Company does not “sell” the personal information of residents of Virginia for monetary consideration.

Category: Personal Identifiers

Examples: Name, alias, social security number, and date of birth.

Disclosed in Last 12 Months To: Government agencies; Transaction support vendors (e.g., payment processors); Marketing support vendors; Applicant tracking and talent management systems; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information, Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications; To improve user experience on our website; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; To verify and respond to consumer requests; To prevent identity theft; Tax document reporting; Processing customer payments; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Monitor security controls for electronic networks; Perform background checks;

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If included in documents encompassed by another category, longest applicable retention period for another category as set forth in this table; If you are a job applicant and are hired by the Company, then name will be retained permanently, and the rest will be retained for duration of employment plus 6 years. If you are not hired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer; If you are an independent contractor, this data will be retained for duration of our relationship with you plus 4 years; For all other relationships: duration of our relationship with you plus 7 years.

 

Category: Contact Information

Examples: Home, postal or mailing address, email address, home phone number, cell phone number.

Disclosed in Last 12 Months To: Government agencies; Financial institutions; Marketing support vendors; Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators; Communication support vendors

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; To verify and respond to consumer requests; Tax document reporting.

Processing customer payments; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Monitor security controls for electronic networks; Perform background checks; To fulfill or meet the purpose for which you provided the information; Job applicant recruiting activities, including tracking applicant data and application processes, and evaluate applicants; Perform background checks; Access internet at our properties.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If included in documents encompassed by another category, longest applicable retention period for another category as set forth in this table; If you are a job applicant and are hired by the Company, then name will be retained permanently, and the rest will be retained for duration of employment plus 6 years. If you are not hired, this data will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer; If you are an independent contractor, this data will be retained for duration of our relationship with you plus 4 years; For all other relationships: duration of our relationship with you plus 7 years.

 

Category: Account Information

Examples: Username and password for Company accounts and systems (including where a job applicant or candidate must create an account to apply for a job), and any required security or access code, password, or credentials allowing access to your Company accounts.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To grant access to Company accounts and systems; Ensure security of Company data accessed through Company account and systems

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For independent contractors, Username: contract term plus 90 days; Password or security code: while in use. Otherwise, Username: permanent; Password or security code: while in use.

 

Category: Protected Classifications

Examples: Race, sex, gender, age, disability, medical condition, military status, and familial status.

Disclosed in Last 12 Months To: Government agencies; Marketing support vendors

We May Collect, Process and Disclose for the Following Business Purposes: Reporting applicant demographics to government agencies; Marketing activities

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Duration of our relationship with you plus 4 years. This data is not collected from or about job applicants (unless required by law or government contract).

 

Category: Commercial Transactional Data

Examples: Information regarding products or services provided, purchasing history.

Disclosed in Last 12 Months To: Financial institutions; Transaction support vendors (e.g., payment processors); Reservation and marketing support vendors.

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To verify and respond to consumer requests; Processing customer payments.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 7 years after transaction, unless necessary to maintain for product warranty, OSHA or other regulatory compliance.

 

Category: Internet, Network, and Computer Activity

Examples: Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; whether accessing from a mobile device; and internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history.

Disclosed in Last 12 Months To: Marketing support vendors ; Data analytics vendors; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; To process, complete, and maintain records on transactions; To schedule, manage and keep track of customer appointments; To respond to consumer inquiries, including requests for information, customer support online, and phone calls; To provide interest-based advertising; To process for targeted advertising; To improve user experience on our website; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; Monitor security controls for electronic networks; Access internet at our properties.

Sold or Shared in Last 12 Months To Sold to: website data analytics vendors; Shared (for cross-context behavioral advertising) with: internet marketing vendors.

Retention Period: For independent contractors, duration of our relationship with you plus 4 years. Otherwise, 3 years.

 

Category: Geolocation Data

Examples: IP address and/or GPS location (latitude & longitude).

Disclosed in Last 12 Months To: Marketing support vendors; Data analytics vendors; Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To fulfill or meet the purpose for which you provided the information; Marketing and sales activities; provide interest-based advertising; To process for targeted advertising; To understand the demographics of our website visitors; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible; Monitor security controls for electronic networks.

Sold or Shared in Last 12 Months To Sold to: website data analytics vendors; Shared (for cross-context behavioral advertising) with internet marketing vendors

Retention Period: 3 years

 

Category: Online Portal and Mobile App Access and Usage Information

Examples: Username and password, account history, usage history, file access logs, security clearance level, and any information submitted through the account.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: To grant access to Company accounts and systems; Ensure security of Company data accessed through Company account and systems; To improve user experience on our website.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Username kept indefinitely; passwords while in use; rest for 3 years.

 

Category: Visual, Audio or Video Recordings

Examples: Your image when recorded or captured in surveillance camera footage.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants; Government agencies.

We May Collect, Process and Disclose for the Following Business Purposes: To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: Surveillance video: 45-90 days.

 

Category: Inferences

Examples: Based on analysis of the personal information collected, we may develop inferences regarding employees’ preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of employment and management decisions related to staffing, assignments, responsibilities, team composition, hiring, promotion, demotion, and termination, among other things.

Disclosed in Last 12 Months To: Not applicable.

We May Collect, Process and Disclose for the Following Business Purposes: Marketing and sales activities; Evaluate applicants for potential hire.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For job applicants, if hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. Otherwise, duration of our relationship with you plus 7 years.

 

Category: Pre-Hire Information (For Job Applicants) / Pre-Contract Information (For Independent Contractors)

Examples: Information provided in your job application or resume, information gathered as part of background screening and reference checks, pre-hire drug test results, job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, and voluntary disclosures by you.

Disclosed in Last 12 Months To: Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate applicants for potential hire; Conduct background checks.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For job applicants, if hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. For independent contractors, duration of our relationship with you plus 4 years.

 

Category: Employment and Education History (For Job Applicants)

Examples: Information contained in job applicants’ resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.

Disclosed in Last 12 Months To: Applicant tracking and talent management systems; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate applicants for potential hire;Conduct background checks.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.

 

Category: Professional-Related Information (For Independent Contractors)

Examples: Information on independent contractors contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work.

Disclosed in Last 12 Months To: Government agencies; Financial institutions; Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators

We May Collect, Process and Disclose for the Following Business Purposes: Evaluate contractors for potential hire; Tax reporting requirements; Contracting with and payment to contractors.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: For independent contractors, duration of our relationship with you plus 4 years.

 

Category: Facility & Systems Access Records

Examples: Information identifying you if you accessed our secure facilities, systems, networks, computers, and equipment and at what times using their keys, badges, or other security access method.

Disclosed in Last 12 Months To: Security and risk management vendors and consultants, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process and Disclose for the Following Business Purposes: Grant access to facilities and systems; To detect security incidents; To protect against malicious or illegal activity and prosecute those responsible.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 2 years

 

Category: Medical and Health Information

Examples: Information related to symptoms, exposure, contact tracing, pandemics, or other public health emergency.

Disclosed in Last 12 Months To: Not Disclosed

We May Collect, Process and Disclose for the Following Business Purposes: To reduce the risk of spreading infectious diseases in or through the workplace; To protect job applicants, independent contractors, and other consumers from exposure to infectious diseases (e.g., COVID-19); To comply with local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements; To facilitate and coordinate pandemic-related initiatives and activities (whether Company-sponsored or through the U.S. Center for Disease Control and Prevention, other federal, state and local governmental authorities, and/or public and private entities or establishments, including vaccination initiatives); To identify potential symptoms linked to infectious diseases, pandemics, and outbreaks (including through temperature checks, antibody testing, or symptom questionnaire); To permit contact tracing relating to any potential exposure to infectious diseases; To communicate with job applicants, independent contractors, and other consumers regarding potential exposure to infectious diseases (e.g., COVID-19) and properly warn others who have had close contact with an infected or symptomatic individual so that they may take precautionary measures, help prevent further spread of the virus, and obtain treatment, if necessary.

Sold or Shared in Last 12 Months To: Not Sold or Shared (for cross-context behavioral advertising)

Retention Period: 2 years. Job Applicants: If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.

 

For job applicants and contractors that are residents of California, we may collect your personal information (including the categories described in the above tables) for the following additional business purposes:

1.     JOB APPLICANT PURPOSES:

a.     To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.

b.     To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.

c.     To evaluate your job application and candidacy for employment.

d.     To obtain and verify background check and references.

e.     To communicate with you regarding your candidacy for employment.

f.      To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you are applying for.

g.     To keep your application on file even if you did not get the job applied for, in case there is another position for which we want to consider you as a candidate even if you do not formally apply.

h.     To evaluate and improve our recruiting methods and strategies.

i.      To engage in lawful monitoring of job applicant activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.

j.      To engage in corporate transactions requiring review or disclosure of job applicant records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.

k.     To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.

l.      To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

m.   To reduce the risk of spreading infectious diseases in or through the workplace.

2.     INDEPENDENT CONTRACTOR AND BUSINESS-TO-BUSINESS PURPOSES:

a.     To fulfill or meet the purpose for which you provided the information.

b.     To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).

c.     To engage the services of independent contractors and compensate them for services.

d.     To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.

e.     To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.

f.      To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.

g.     To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.

h.     To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.

i.      To reduce the risk of spreading infectious diseases in or through the workplace.

State Of Residency: California

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal Identifiers (social security number); Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account); Protected Classifications (Race, sex, gender, age, disability, medical condition, military status, or familial status.); Medical and Health Information Geolocation Data (IP address and/or GPS location, latitude & longitude.

Personal Information or Personal Data does not include: Publicly available information from government records; Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media; Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience; Deidentified or aggregated information.

 

State of Residency: Colorado

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status

Personal Information or Personal Data does not include: De-identified data or; Publicly available information.

 

State of Residency: Oregon

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Reveals a consumer’s race, sex, gender, age, disability, medical condition, military status, or familial status; Accurately identifies within a radius of 1,750 feet a consumer’s present or past location, or the present or past location of a device that links or is linkable to a consumer by means of technology that includes, but is not limited to, a global positioning system that provides latitude and longitude coordinate. This does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.

Personal Information or Personal Data does not include: Data that is lawfully available through federal, state or local government records or through widely distributed media; Data that a controller reasonably has understood to have been lawfully made available to the public by a consumer.

 

State of Residency: Texas

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status; Precise geolocation data.

Personal Information or Personal Data does not include: De-identified data; Publicly available information.

 

State of Residency: Virginia

Categories of Sensitive Personal Information or Sensitive Data that is Collected or Processed: Personal data revealing race, sex, gender, age, disability, medical condition, military status, or familial status; Precise geolocation data.

Personal Information or Personal Data does not include: De-identified data; Publicly available information.

 

We May Collect Your Personal Information From The Following Sources:

·      You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you enter into a contract to perform services for us, or when you apply for a position of employment.

·      Our employees and contractors, when you interact with them.

·      Other customers and visitors, when you interact with them or when they observe you.

·      We utilize cookies to automatically collect information about our website visitors.

·      Surveillance cameras at our physical locations.

·      Background screening companies.

·      Recruiters and staffing agencies.

·      Career sites or platforms like LinkedIn and Indeed.

·      Social media platforms.

·      Personal references and former employers.

·      Company-issued computers and  electronic devices.

·      Company systems, networks, software applications, and databases you log into or use.

·      Personal references and former employers (if you are a job applicant)

·      Schools, universities, or other educational institutions which you attended (if you are a job applicant)

 

We do NOT sell or share your personal information in exchange for monetary consideration. However, excluding job applicants and independent contractors, if you are a resident of California, Colorado, Oregon, or Texas, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

We May Sell or Share Your Personal Information For The Following Business or Commercial Purposes:

·      To provide interest-based and targeted advertising.

·      To receive data analytics services regarding our website traffic.

 

Other than these two exceptions, we do not and will not disclose your personal information to any third party in exchange for other valuable consideration or share your personal information for cross-context behavioral advertising.

Notice Of Right Of California Residents To Opt-Out Of The Selling And Sharing Of Your Information

While we do not sell or share your personal information in exchange for money, we may sell or share your personal information (excluding applicants and independent contractors) for other valuable consideration. You have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for other valuable consideration, you can do any of the following:

 

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com;

·      Visit the Company’s website at: www.sagehospitalitygroup.com. Click on “Your California Privacy Rights” to be taken to an online submission form;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      You can use a Global Privacy Controls (GPC) signal. We will process opt-out preferences from GPC signals, which are in formats commonly used and recognized by businesses, such as an HTTP field header, as requests to opt-out of sale or sharing. The GPC signal opt-out will only apply to the browser you are using on your device; it will not apply to other browsers and/or devices to which GPCs are not activated or to offline sales;

·      If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may call our toll-free privacy line at (883)700-2444 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to us. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

 

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Notice of Rights of Colorado Residents Regarding Processing of Sensitive Data and Right to Opt-Out Of The Sale Of Personal Information and Processing Of Personal Information For Targeted Advertising

As provided by the Colorado Privacy Act (CPA), we do not process your sensitive data without obtaining your consent. We do not process sensitive data concerning a known child without processing such data in accordance with the federal Children’s Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

 

Additionally, you have the right to opt out of the sale of your Personal Information to third parties, the use of your Personal Information for targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. You may exercise your right to opt out without fear of discrimination for doing so. To exercise your right to opt out of the sale of your Personal Information and the use of your Personal Information for targeted advertising, you can do any of the following:

 

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

 

·      If you are unable to submit a request to opt-out through any of the above methods, please call our toll-free privacy line at (883)700-2444 for assistance and a representative will assist in meeting your needs.

 

A request to opt out must be a verifiable request. We may deny a request to opt out if we are unable to authenticate the request through commercially reasonable efforts, or we may ask for additional information that is reasonably necessary to authenticate the request. This request to opt out does not apply to job applicants or independent contractors.

Notice of Rights of Virginia Residents Regarding Processing of Sensitive Data And Right to Opt Out of the Sale Of Personal Information and Processing Of Personal Information For Targeted Advertising

As provided by the Virginia Consumer Data Protection Act (“VCDPA”), we do not process your sensitive data without obtaining your consent. We do not process sensitive data concerning a known child without processing such data in accordance with the federal Children’s Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

Additionally, you have the right to opt out of the sale of your Personal Information to third parties, the use of your Personal Information for targeted advertising. You may exercise your right to opt out without fear of discrimination for doing so. To exercise your right to opt out of the sale of your Personal Information, the use of your Personal Information for targeted advertising, you can do any of the following:

·      To submit an online opt-out email us at yourprivacy@sagehospitalitygroup.com.

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      If you are unable to submit a request to opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

A request to opt out must be a verifiable request. We may deny a request to opt out if we are unable to authenticate the request through commercially reasonable efforts, or we may ask for additional information that is reasonably necessary to authenticate the request. This request to opt out does not apply to Virginia job applicants or independent contractors.

Opt-Out Preference Signals

Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) or Universal Opt-Out Mechanism (UOOM) are user-enabled opt-out preference signals. We will process opt-out preferences from GPC and UOOM signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat a consumer’s use of GPCs or UOOMs as, for California residents, a valid request to opt-out of the selling and sharing of information for that browser, and, for Colorado residents, a valid request to request to opt out of sale and processing for purposes of targeted advertising for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs or UOOMs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOMs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs or UOOMs.

For California Residents, We Do And Will Use Or Disclose Your Sensitive Personal Information For Purposes Other Than The Following:

1.              To perform the services reasonably expected by an average consumer who requests those services;

2.              To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;

3.              To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions;

4.              To ensure the physical safety of natural persons;

5.              For short-term, transient use;

6.              To perform services on our behalf;

7.              To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company;

8.              For purposes that do not involve inferring characteristics about the consumers, contractors, and applicants.

 

Notice of Rights of California Residents to Limit The Use of Your Sensitive Personal Information

As provided by the California Privacy Rights Act, you have the right to limit our use or disclosure of your sensitive personal information to uses that are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those services or goods. You have the full and free right to limit our use or disclosure of your sensitive personal information as defined by the California Privacy Rights Act. You may exercise your right to limit without fear of discrimination for doing so. To limit the use or disclosure of your sensitive personal information, you can do any of the following:

 

·      To submit an online request to limit email us at yourprivacy@sagehospitalitygroup.com.

·      Visit the Company’s website at: www.sagehospitalitygroup.com. Click on “Your California Privacy Rights” to be taken to an online submission form;

·      Inquire with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper opt-out submission form;

·      If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at (883)-700-2444 for assistance and a representative will assist in meeting your needs.

 

You can have an authorized agent submit a request to limit on your behalf. To submit a request to limit through use of an authorized agent you must provide that agent with written permission signed by you to submit an opt-out on your behalf. The authorized agent may call our toll-free privacy line at (883)-700-2444 to make the request to limit and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to us. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

A request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Retention Of Personal Information

We will retain each category of personal information in accordance with our established data retention schedule as indicated above. Some of the retention periods in the retention schedule above are measured from a particular point in time that has not occurred yet, such as the end of employment or end of a relationship (whether business, contractual, or transactional) plus a certain number of years. Where no particular event is defined in the retention schedule as the point from which the retention period is measured, we will measure the retention period from either (1) the date the record or data was collected, created, or last modified, (2) the date of the particular transaction to which the record or data pertains, or (3) another triggering event that is determined to be reasonable and appropriate based on the nature of the data and the legal/business needs for its continued use.

In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third-party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance With Law/Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use Of Cookies And Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent (until deleted) basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons:

·      Provide you with services available through the website and to enable you to use some of its features;

·      Authenticate users and prevent fraudulent use of user accounts;

·      Identify if users have accepted the use of cookies on the website;

·      Compile data about website traffic and how users use the website to offer a better website experience;

·      Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website;

·      Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website.

 

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the Website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our Website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

·      Safari

·      Opera

·      Internet Explorer

·      Google Chrome

·      Mozilla

 

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. It is an older proposed standard than a GPC or UOOC. The Company does not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOCs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services, and we encourage users who have DNTs to use GPCs or UOOCs.

External Links

Our website contain links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under The Age Of 16

Our website is not intended for children under 16 years of age. No one under age 16 may provide any personal information on the website. We do not knowingly collect, sell or share any personal information of children under 16. If you are under 16, do not use or provide any information on our website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address below.

How We Protect The Information That We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

·      We keep automatically collected data and voluntarily collected data separate at all times;

·      We use internal encryption on all data stores that house voluntarily captured data;

·      We use commercially reasonable tools and techniques to protect against unauthorized access to our systems;

·      We restrict access to private information to those who need such access in the course of their duties for us.

·      HTTPS, only TLS 1.2, is adopted for data transferring.

 

For Applicable Individuals as Discussed in the Below State-Specific Sections on Consumer Rights, You Can Submit Any Of The Below Types Of Consumer Rights Requests Through Any Of These 4 Options:

·      Submit an online request by emailing us at yourprivacy@sagehospitalitygroup.com;

·      Call our privacy toll-free line at (883)-700-2444;

·      Complete a paper form, which can be requested by writing to us at Sage Hospitality Group, 1575 Welton Street, Suite 300, Denver, CO 80202, Attention: Director IT Security to request a paper submission form.

·      Complete a paper form, which can be requested by inquiring with the front desk associate at the property where you are staying or ask the host at the restaurant where you are dining to provide a paper submission form;

 

 

For California Residents

This section of the Privacy Policy applies only to California residents who are natural persons. If you are a California resident, you have the following rights pursuant to the California Consumer Privacy (CCPA) as amended by the California Privacy Rights Act (CPRA):

1.     CCPA/CPRA Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information, (5) as applicable, the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose;

2.     CCPA/CPRA Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period;

3.     CCPA/CPRA Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;

4.     CCPA/CPRA Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

5.     CCPA/CPRA Right to Opt-Out. The right to opt-out of the selling or sharing of your personal information to third parties (as applicable);

6.     CCPA/CPRA Right to Limit. The right to limit the use or disclosure of your sensitive personal information; we maintain about you;

7.     The CCPA/CPRA right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent;

8.     The CCPA/CPRA right to not be discriminated or retaliated against for exercising any of the above rights, including for California residents an applicant’s and independent contractor’s right not to be retaliated against for exercising the above rights.

 

How We Will Verify That It Is Really You Submitting The Request:

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us.

 

Responding To Your Right To Know, Right To Access, And Right To Delete Requests

For California residents, upon receiving a verifiable request, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For California residents, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding To A California Resident’s Request To Opt-Out Of The Selling Or Sharing Of Your Personal Information

We will act upon a consumer request from a California resident to opt-out within fifteen (15) days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

 

A request to opt-out by a California resident need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding To A California Resident’s Request To Limit The Use Of Sensitive Personal Information

For California residents, we will act upon a request to limit the use of sensitive personal information within fifteen (15) business days of its receipt. We will notify all third parties that use or disclose sensitive personal information of your request to limit and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

For California residents, a request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have An Authorized Agent

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

California Shine The Light:

The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email yourprivacy@sagehospitalitygroup.com, or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.

For Colorado Residents

This section of the Privacy Policy applies only to Colorado residents who are natural persons acting in an individual or household context, and acting outside a commercial or employment context, such as a job applicant. If you are a Colorado resident acting in an individual or household context, you have the following rights under the Colorado Privacy Act (CPA):

 

1.     Right to Opt-out. For Colorado residents, the right to opt-out of the processing of Personal Information for purposes of: (i) targeted advertising or (ii) the sale of Personal Information;

2.     Right of access. For Colorado residents, the right to confirm whether we are processing Personal Information concerning you and to access the your Personal Information;

3.     Right to correction. For Colorado residents, the right to request that we correct inaccurate Personal Information (to the extent such an inaccuracy exists) that we maintain about you;

4.     Right to deletion. For Colorado residents, the right to delete Personal Information concerning you;

5.     Right to data portability. For Colorado residents, up to two (2) times per calendar year, the right to have requested data under the right to access provided in a portable and, to the extent technically feasible, readily usable format.

6.     The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE CPA

For Colorado residents, under the CPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883) 700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions, or inform you of a 60 day extension and the reasons for the extension. If the appeal is denied, we will also provide you with a method through which you may contact the Colorado Attorney General to submit a complaint. (This appeal process does not apply to Colorado job applicants or independent contractors.)

For Oregon Residents

This section of the Privacy Policy applies only to Oregon residents who are natural persons. If you are an Oregon resident, you have the following rights pursuant to the Oregon Consumer Privacy Act (OCPA):

 

1.     Right to Know. The right to request that we identify to you (1) whether we are processing or have processed your personal information, and (2) the categories of personal information we have collected about you.  We have the discretion of whether to provide a list of specific third parties (that are non-natural persons) we disclosed your personal data or any personal data;

2.     Right to Access. The right to request that we disclose to you, a copy of the specific pieces of personal information we are or have processed about you.  To the extent it is technically feasible, we will provide such information in a readily usable format;

3.     Right to Delete. The right to request that we delete personal information that we collected from you, subject to certain exceptions;

4.     Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

5.     Right to Opt-Out. The right to opt-out of the processing of your personal information for the purposes of targeted advertising or sale of personal data;

6.     The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and

7.     The right to not be discriminated or retaliated against for exercising any of the above rights, including the denial of goods or services, being charged different prices or rates, or being provided a different level of quality or selection of services.

 

How We Will Verify That it is Really You Submitting the Request

If you are an Oregon resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.

Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request from an Oregon resident, we endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is your second or any other subsequent requests made in a 12-month period. No fee will be placed on any requests to correct or delete.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to Your Request to Opt-Out of the Selling or Sharing of Your Personal Information

We will act upon a consumer request to opt-out within forty-five (45) days of its receipt. We will notify all processors and third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have an Authorized Agent:

If you are an Oregon resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE OCPA

For Oregon residents, under the OCPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Oregon Attorney General to submit a complaint. (This appeal process does not apply to Oregon job applicants or independent contractors.)

For Texas Residents

This Section describes the Consumer Rights available to Texas Residents under the Texas Data Privacy and Security Act (“TDPSA”), Tex. Bus. & Comm. Code §§ 541.001-541.205. Rights described in this section apply only to an individual who is a resident of Texas acting only in an individual or household context and specifically excludes an individual acting in a commercial or employment context.

If you are a Texas Resident, the TDPSA provides the following rights:

·      Right to Know/Access: You have the right to confirm whether we are processing your personal data and, if so, you are entitled to make such a request at least twice annually free of charge, unless we find your request is manifestly unfound, excessive, or repetitive. In such a case, we may charge you a reasonable fee to cover the administrative cost of complying with your request or decline to act on the request.

·      Right to Correct: You have the right to correct inaccuracies in your data, taking into account the nature of your personal data and purposes for which we process it.

·      Right to Delete: You have the right to request deletion of your personal data you provided to us or which we obtained about you as a consumer.

·      Right to Data Portability: If your personal data is available in digital format, you are entitled to obtain a copy of your personal data that you previously provided to us in portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hinderance.

·      Right to Opt-Out: You have the right to opt-out of processing of your personal data for the purposes of targeted advertising or the sale of personal data.

·      Nondiscrimination: The TDPSA prohibits discrimination against a consumer for exercising any of the consumer rights contained in the Act, including by denying goods or services, charging different prices or rates for goods or services, or providing a different level of quality of goods or services to the consumer.

·      Appeal: The TDPSA provides that you have the right to appeal any refusal we make to take action on a consumer request you submit to us in connection with your rights under the Act.

 

Responding To Your Right To Know, Right To Access, And Right To Delete Requests

For Texas residents, upon receiving a verifiable request, we will confirm receipt of the request no later than 45 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For Texas residents, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE TDPSA

For Texas residents, under the TDPSA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)-700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Texas Attorney General to submit a complaint. (This appeal process does not apply to Texas job applicants or independent contractors.

For Virginia Residents

This section of the Privacy Policy applies only to Virginia residents who are natural persons acting in an individual or household context.

If you are a Virginia resident acting in an individual our household context, you have the following rights under the Virginia Consumer Data Protection Act (VCDPA):

·      Right to Know. The right to request, up to 2 times annually, confirmation of whether or not we are processing your Personal Information;

·      Right to Access. The right to request, up to 2 times annually, that we disclose to you, free of charge, the specific pieces of Personal Information we are processing about you;

·      Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;

·      Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;

·      Right to Opt-Out. The right to opt-out of the processing of Personal Information for purposes of: (i) targeted advertising or (ii) the sale of Personal Information;

·      The right to not be discriminated or retaliated against for exercising any of the above rights.

 

PROCEDURE TO APPEAL REFUSAL TO TAKE ACTION ON REQUESTS UNDER THE VCDPA

For Virginia residents, under the VCDPA, if your requests are manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover the administrative costs of complying with you requests, or we may decline to act on the request.

You may appeal our refusal to take action on a request within 30 calendar days after your receipt of our decision. In order to submit an appeal, you may call our privacy toll-free line at (883)-700-2444 to request an appeal form, which must be returned within 30 calendar days of your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with a method through which you may contact the Virginia Attorney General to submit a complaint. (This appeal process does not apply to Virginia job applicants or independent contractors.)

How We Will Verify That it is Really You Submitting the Request

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct or Right to Opt out request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us.

Responding to Your Right to Know, Right to Access, Right to Delete, Right to Correct Requests

For Virginia residents, we endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

For Virginia residents, we do not charge a fee for up to 2 requests annually, unless the requests are manifestly unfounded, excessive, or repetitive, in which case we may charge you a reasonable fee to cover the administrative costs of complying with the requests, or we may decline to act on the request.

 

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Responding to a Virginia Resident’s Request to Opt-Out of Targeted Advertising and Selling of Personal Information

We endeavor to respond to a verifiable request to opt-out within forty-five (45) calendar days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period within the initial 45-day period after receipt of your request.

Consent To Terms And Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes To Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About The Policy

This website is owned and operated by the Company. If you have any questions about this privacy policy, please contact us at yourprivacy@sagehospitalitygroup.com or call (883)-700-2444.

 

**This policy was last updated January 16, 2024.