Privacy Notice

Last Updated: January 20, 2023

Effective Date: January 20, 2023

I. INTRODUCTION

This Privacy Notice describes the information ESA Management, LLC and ESH Hospitality Strategies, LLC and its subsidiaries (collectively, “ESH,” “we,” “us,” or “our”) collect about you, how it is used and shared, and your rights and choices with regard to personal information. This Privacy Notice applies to personal information collected by or on behalf of ESH, including information collected at our hotels, our websites at www.extendedstayamerica.com and other websites offered by us (collectively, the “Site”), our social media pages, our mobile application and other software applications that we offer (each an “App”), by email, by phone or other offline method, or anywhere else we link to this Privacy Notice (collectively, the “Services”).

Certain hotels are franchised under the Extended Stay America® family of brands (“Franchised Hotels”). We do not own or operate these hotels, and your personal information collected or maintained directly by Franchised Hotels is not subject to this Privacy Notice.

For purposes of this Privacy Notice, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that has been aggregated, de-identified, anonymized, or made publicly available in accordance with applicable law.

II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION

A. Information Collection

When accessing our Services, we may collect information about you, including your name, contact information, access credentials, stay preferences, Driver’s license or government ID, health information, and any other information you choose to provide. For example, we may collect this information from you when you make a reservation in our network of hotels, participate in our hotel rewards program, create an account with us, leave a review, contact us, or interact with us for any other purpose. We may also collect your payment information, such as billing address or credit card information, when you make a reservation or otherwise place an order with us.

We (and other entities) may automatically collect personal information from you through your interactions with the Services, including IP address, browser type, language preferences, device operating system, pages viewed on the Site or App, Site and App usage statistics, and other information we collect through the use of cookies and similar technology. We or our service providers may also receive information about your general location by collecting information such as your IP address. We may use location data to analyze certain information, and to improve our Services and relevance of the information we provide to you via the Services. We may also use your location information to enable us to better focus our advertising and marketing efforts and to better tailor your use of the Services to your unique interests and needs. Please note that if you do not share your location information then you may not be able to redeem certain offers and the App may have limited functionality. See the “Digital Analytics & Advertising” section of this Privacy Notice to learn more about the use of this information and the choices available to you.

B. Source of Information

We collect personal information from a number of sources, including the following:

Customers, guests, visitors or other consumers;
Franchised Hotels;
Service providers, including marketing and analytics providers; and
Third parties with whom you engage to access our Services, such as online travel agencies or similar booking sites.

C. Information Use

We may use information collected about you for our business and commercial purposes, including to:

Provide you with services and products you request, including fulfilling reservations, conducting check-in/check-out, and providing Wi-Fi and other incidentals;
Respond to your questions or feedback or otherwise respond to your requests;
Operate, personalize, and improve the Services, including for analytics;
Administer loyalty, travel, or discount programs, including the Extended Perks Discount Program;
Send updates, marketing, and sales promotions you might be interested in;
Maintain security and integrity of our Services and assets and to debug to identify and repair errors that impair existing intended functionality in the Services;
Comply with applicable laws and regulatory requirements, or as requested by government or regulatory authorities or law enforcement, including in response to a court order, subpoena, or other lawful request; and
With your consent or as otherwise disclosed at the time information is collected. permitted by you when we receive your consent.

D. Information Sharing

We may share information we collect with third parties, including the following:

Other entities within our corporate family of companies and joint partners;
Franchised Hotels as necessary to provide Services and operate our brand;
Online travel agencies or similar third-party services you use to book your stay at our hotels or otherwise engage our Services;
Corporate/national account administrators;
Group booking point of contact;
Our service providers, such as payment processors, marketing services, analytics services, and customer experience vendors, who help us operate our business
Law enforcement or other authorities pursuant to a subpoena, warrant, or other legal process as necessary to comply with law or to protect our rights and interests or the safety of you or others;
Prospective or new successor entities in connection with a potential or actual merger, divestiture, acquisition, restructuring, reorganization, dissolution, change of control, or other sale or transfer of some or all of our assets, including as part of bankruptcy proceeding; and
With your consent or as otherwise disclosed at the time of data collection or sharing.

We may share aggregate or deidentify information without limitation.

Please note California law gives consumers the right to opt out of “sales” or “sharing” of Personal Information, as those terms are defined by California law. This right applies even though ESH does not currently “sell” or “share” Personal Information. You are welcome to submit a request to ESH to opt-out of future “sales” or “sharing”. If we ever start “selling” or “sharing” Personal Information, we will honor your request and exclude your information.

E. Information Retention

We retain personal information that we collect for as long as we need to use it in connection with our business and in accordance with our standard practices or in compliance with applicable laws. When we no longer need the personal information, we will deidentify, aggregate, or delete this information where required by law.

III. DIGITAL ANALYTICS & ADVERTISING

We partner with certain third-party service providers to collect information about your use of the Site and App and other sites and apps over time for non-advertising purposes, such as analytics, auditing, research, and reporting. We use Adobe Analytics to help us understand how our customers use the Site and App across devices (e.g., mobile phone, computer). You can read more about how Adobe Analytics collects and uses data when you visit our Site and App, and opt out of the use of cookies in web browsers by Adobe Analytics by clicking here. We also use Google Analytics to help us to improve and personalize the overall the experience of our Site and App, identify and address search results for your local area, and understand usage of our Services. For more information about how Google Analytics collects and uses data when you use our Site, visit www.google.com/policies/privacy/partners, and to opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.

We also partner with third parties who provide advertising services that are based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices.

For more information about interest-based advertising and how to opt out of interest-based advertising on websites by third parties that participate in self-regulatory programs, visit the Network Advertising Initiative at https://www.networkadvertising.org/understanding-online-advertising/what-are-my-options and/or the Digital Advertising Alliance at youradchoices.com. If you delete your cookies or use a different browser or mobile device, you may need to renew your opt-out choices exercised through the DAA Webchoices tool. You may opt out of interest-based advertising through Adobe Target by visiting https://hvmllc.tt.omtrdc.net/optout.

Please note that electing to opt out will not stop advertising from appearing in your browsers or applications. It may make the ads you see less relevant to your interests.

Additionally, your browser may offer tools to limit the use of cookies or to delete cookies; however, disabling some or all cookies could mean you will be unable to access certain content on the Site or use all features.

IV. LINKS TO OTHER SITES

The Site and App may contain links to websites or platforms owned or controlled by other companies, such as Facebook, Instagram, LinkedIn, Twitter, and YouTube. We have no control over and are not responsible for the data collection and use practices and privacy policies on third-party websites that you may access from our Site or App. We encourage our users to be aware when they leave our Services and to read the privacy statements of any other sites that collect personal information.

V. EEA AND UK RESIDENTS

This section applies to residents of the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”).

A. Lawful Basis for Processing

We may collect and process personal information about you where the laws of your jurisdiction permit it. We may rely on the following legal bases to process personal information about you:

Contract: It is necessary to process your personal information to perform a contract with you or because you have requested we do something before creating a contract with you that requires we process your personal information. For example, we process your name and payment information to fulfill your reservation.
Legitimate Interest: There is a commercial or business interest that is important to us or others which we’ve balanced against your privacy rights. For example, we may use your picture collected through a security camera to maintain the security of our physical locations.
Consent: We have asked for your permission to use your personal information. For example, we may ask for your permission to use your phone’s geolocation information to provide you better rates on our services.
Legal Obligation: It is necessary to use your personal information so that we can fulfil our legal and regulatory obligations. For example, some recordkeeping laws require we collect and retain certain information about our guests.

B. Transfers outside of the EEA or UK

Personal information may be transferred to the United States and to service providers in countries outside the EEA or UK and may be stored and processed manually and electronically through global systems and tools for the purposes outlined above.

When transferring personal information to countries outside the EEA or the UK, we are required to ensure personal information about you is adequately protected in the country where it is transferred. We transfer personal information to these countries only when it is subject to safeguards that assure the protection of personal information, such as entering contracts with transferee companies called the “standard contractual clauses” and the “UK addendum,” which require companies outside the EEA or UK to protect your personal information to the same extent as if it had remained in the EEA or UK.

C. Your Rights

See Section VII (“Your Rights and Choices”) of this Privacy Notice below for more information regarding rights that may be available to you.

VI. STATE PRIVACY NOTICE

California, Colorado, Connecticut, Utah, and Virginia residents have certain rights with regard to their personal information. If you are a resident of one of these states, this section of the Privacy Notice contains disclosures required by law. See Section VII (“Your Rights and Choices”) below for more information about the rights that may be available to you.

A. Collection, Use, and Disclosure of Personal Information

In the preceding 12 months, we collected and disclosed the following categories of personal information.

Categories of personal information	Disclosed to the following categories of third parties for business purposes:	Shared for targeted advertising purposes with the following categories of third parties:
Personal and online identifiers (like first and last name, email address, or unique online identifiers)	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	Advertising companies.
Customer record information (like bank account number, credit card number, debit card number, or driver’s license number)	Our affiliates and joint venture partners; Our business partners; and Our service providers.	N/A
Characteristics of legally protected classifications (like disability status)	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	N/A
Commercial or transactions information (like records of personal property or products or services purchased, obtained, or considered)	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	Advertising companies.
Internet or other electronic network activity information (like browsing history, search history, interactions with a website, email, application, or advertisement)	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	Advertising companies.
Geolocation information (including precise geolocation)	Our affiliates and joint venture partners; Our business partners; and Our service providers.	N/A
Sensory information (like videos and photos)	Our affiliates and joint venture partners; Our business partners; and Our service providers.	N/A
Professional or employment-related information	Our affiliates and joint venture partners; Our business partners; and Our service providers.	N/A
Sensitive personal information	Our service providers	N/A
Inferences drawn from the above information about your predicted characteristics and preferences	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	Advertising companies.
Other information about you that is linked to the personal information above	Our affiliates and joint venture partners; Our business partners; Our service providers; and Advertising companies.	Advertising companies.

We collect personal information from all categories of sources described in Section II.B (“Sources of Information”) of this Privacy Notice.

We collect, use, and disclose personal information for the business and commercial purposes described in Section II.C (“Information Use”) of this Privacy Notice.

We do not sell or share the personal information of minors we know are under 16 years old.

B. Notice of Financial Incentive

Our Extended Perks Discount Program (“Extended Perks”) collects personal information, including name, email address, and stay preferences, to facilitate its operations and provide you with discounts, offers and deals. Participating in Extended Perks is entirely optional and is subject to its terms and conditions. You can opt in by signing up for an Extended Perks account. The amount and nature of these benefits will be determined by the extend of your participation in Extended Perks. We may adjust the terms of participation from time to time.

You may terminate Extended Perks participation at any time by contacting us at dataprivacy@extendedstay.com to delete your account. Upon a termination request, some Extended Perks data associated with the terminated account may be retained for record keeping and other legally permissible purposes. We may continue to process information about you in connection with your transactions with ESH.

The price and service differences, such as discounts and credits, that are available to you through Extended Perks are based upon our reasonable determination of the value that we receive from collecting, retaining, and selling (as defined by applicable law) personal information about you in connection with operating our business. This estimated value takes into account a variety of factors as permitted by law, including (but not limited to) our expenses incurred in collecting and processing the information, our expenses incurred in providing rewards to you, and the estimated marginal revenue that we may derive from information related to a specific Extended Perks participant.

VII. YOUR RIGHTS AND CHOICES

A. Your Rights:

Residents of certain jurisdictions, including the EEA, U.K., California, Colorado, Connecticut, Virginia, and Utah, have rights with respect to the personal information collected by us. You may be able exercise the following rights, subject to certain exceptions and limitations.

Rights to Confirm and to Know: The right to confirm whether we are processing personal information about you and to request that we disclose the categories of personal information we collected about you individually, the categories of sources from which the information was collected, the business or commercial purposes for which we collected or sold that information, and the categories of third parties to whom the information was sold or disclosed for a business purpose in the last 12 months..
Rights to Access and Portability: The right to request access to the personal information we maintain about you and to request a portable copy. You may have the right to request we transmit a copy of personal information about you to another business.
Right to Correct Inaccuracies: You may have the right to correct inaccuracies in the personal information we have collected about you.
Right to Delete: You may have the right to request we delete personal information that we have collected or maintain about you.
Right to Opt-Out of Sale or Sharing: You may have the right to opt out or ask us not to sell or share your personal information. To exercise this right, click the “Do not sell or share my personal information” link located on the home page of the Site or App or use one of the methods listed below under “Submitting a Rights Request.”
Rights to Restrict or Object to Processing: Depending on your jurisdiction, you may have the right to limit or object to our processing of personal information in certain circumstances.
Right to Limit Processing of Sensitive Personal Information: Depending on your state, you may have the right to limit our processing of certain “sensitive” personal information (or to withdraw consent for such processing if you previously gave it).
Right to Withdraw Consent: The right to withdraw consent you previously provided to processing your personal information.
Right Not to Receive Discriminatory Treatment: You have the right not to be discriminated against for the exercise of the above privacy rights.

If you are unhappy with our response to your request, we hope you will reach out to us first at dataprivacy@extendedstay.com. For residents of the EEA and the UK, if you are still unhappy, you have the right to complain to your data protection authority.

Additionally, for Colorado, Connecticut, or Virginia residents, if you have submitted a request that you believe we have not reasonably fulfilled, you may contact us to appeal our decision by sending an email with the subject line “Appeal” to dataprivacy@extendedstay.com.

To exercise any of the rights identified above, you may submit a request through Privily.io at https://portal.privily.io/dataSubject?cStartId=a80cf585c61490a1d0dce42d25198db4, calling 877.651.2124 to speak to an ESH representative, or write our Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277 or dataprivacy@extendedstay.com.

You may exercise these rights yourself or have the option to designate an authorized agent to submit a request on your behalf. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum, your name and email address.

If you would like an authorized agent to submit a request on your behalf, please contact us using the methods in above for instructions and details on proof and information required for use of an authorized agent. We may need to also contact you directly to verify the request.

B. Update Your Contact Information:

- If you want to update or correct your contact information with us, please contact us using the telephone number or email in the “Contact Us” section at the end of this Privacy Notice.
- You may also use any “Contact Us” feature on www.extendedstayamerica.com or update contact information within any user account you maintain with us.

C. Enable / Disable App Location Tracking:

- You can choose whether or not to allow the App to collect and use real-time information about your device’s location through your device’s settings
- You can manage these preferences when the App is first launched or at a later stage by using the setting on your mobile device.
- If you block the use of location information, the App may not function as intended and certain features may not be available to you.

D. Promotional Emails:

- If you receive any promotional email communication from us, you will be given the option to “unsubscribe” from further promotional email communications from us if you wish to stop receiving these communications.
- If you opt out of receiving promotional emails, we will still send you messages related to our transactions and relationship with you, including reservation information.

E. Interest-Based Advertising:

- For choices with respect to third-party interest-based advertising activities, please see the “Digital Analytics & Advertising” section above.

VIII. AUTOMATED LICENSE PLATE RECOGNITION USAGE AND PRIVACY POLICY

We use Automated License Plate Recognition (“ALPR”) technology to collect information relating to vehicles present at various points of entry onto some physical properties in certain states. We use this information to detect, prevent, investigate, report and address activities that may violate our policies, be illegal, or otherwise impact the safety or security of our employees, vendors, and hotel guests, as well as for loss prevention purposes.

ESH restricts access to ALPR technology and ALPR Information to only those ESH personnel with a need-to-know such information for their job requirements. Access is granted to ESH District Managers only. These personnel receive training in data security and the sensitivity of ALPR Information. ESH’s use of ALPR technology is overseen by Vice President of Safety & Security.

ALPR Information is securely stored on ESH’s vendors’ servers subject to access control processes and procedures. ALPR Information is password protected, encrypted in transit and storage, and not used for purposes other than those disclosed in this Privacy Notice. ESH takes reasonable measures to ensure accuracy and integrity of the ALPR information its vendors collect, including maintaining access controls and access logs (which includes the date/time information is accessed, license plate number, username of the person who accessed the information, and the purpose for accessing this information). ESH also monitors access logs to prevent unauthorized access. When using this information in connection with the investigation of an incident, ESH considers all available information, including information from other systems.

ALPR Information is stored for approximately seven (7) days before it is permanently deleted, unless we need to retain the information for compliance with applicable law, investigation of specific incidents, upon request of law enforcement, or other valid legal processes.

ESH may disclose ALPR Information when we believe doing so is necessary to:
Protect the rights or property of ourselves or others, including detecting, investigating, and reporting suspicious activities to law enforcement;
Comply with the request of law enforcement to see ALPR data gathered during an identified time period.
Comply with applicable law or respond to legal process requests, including from law enforcement or other government agencies; or
Protect our ESH companies, our properties and inventory, our hotel guests and employees.

When ALPR Information is necessary for one of the above purposes, ESH uses reasonable safeguards, including encryption, to secure the transfer of ALPR information. ESH does not sell ALPR Information to third parties.

IX. UPDATES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will post a link to the revised Privacy Notice on the homepage of our site. You can tell when this Privacy Notice was last updated by looking at the date at the top of the Privacy Notice. We encourage you to visit this page periodically to learn of any updates.

X. CONTACT US

For questions or comments regarding this Privacy Notice, including to exercise your rights, please contact Guest Services at 877.651.2124 or you may write our Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277 or dataprivacy@extendedstay.com.