Privacy Notice

Last Updated: February 1, 2023

Effective Date: February 1, 2023

I. INTRODUCTION

This Privacy Notice describes the Personal Information ESA Management, LLC and ESH Hospitality Strategies, LLC and its subsidiaries (collectively, “ESH,” “we,” “us,” or “our”) collect about you, how it is used and shared, and your rights and choices with regard to personal information. This Privacy Notice applies to personal information collected by or on behalf of ESH, including information collected at our hotels, our websites at www.extendedstayamerica.com and other websites offered by us (collectively, the “Site”), our social media pages, our mobile application (“App”) and other software applications that we offer (each an “App”), by email, by phone or other offline method, or from publicly available sources (collectively, the “Services”).

Certain hotels are franchised under the Extended Stay America® family of brands (“Franchised Hotels”). Franchised hotel operators are independent businesses. Franchised hotel operators may collect additional Personal Information not shared to ESA and not subject to this Privacy Notice

For purposes of this Privacy Notice, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that has been aggregated, de-identified, anonymized, or, in some cases, made publicly available in accordance with applicable law.

II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION

A. Information Collection

When accessing our Services, we may collect information about you, including your name, contact information, access credentials, stay preferences, Driver’s license or government ID, health information, and any other information you choose to provide. For example, we may collect this information from you when you make a reservation in our network of hotels, participate in our hotel rewards program, create an account with us, leave a review, contact us, or interact with us for any other purpose. We may also collect your payment information, such as billing address or credit card information, when you make a reservation or otherwise place an order with us. We may also buy or obtain personal data from other third parties, such as social media platforms, social analytics providers, and consumer data resellers.

We (and other entities) may automatically collect personal information from you through your interactions with the Services, including IP address, browser type, language preferences, device operating system, pages viewed on the Site or App, Site and App usage statistics, and other information we collect through the use of cookies and similar technology. We may use location data to analyze certain information, and to improve our Services and relevance of the information we provide to you via the Services. We may also use your location information to enable us to better focus our advertising and marketing efforts and to better tailor your use of the Services to your unique interests and needs. See the “Digital Analytics & Advertising” section of this Privacy Notice to learn more about the use of this information and the choices available to you.

B. Source of Information

We collect personal information from a number of sources, including the following:

Customers, guests, visitors or other consumers;
Franchised Hotels;
Service providers, including marketing and analytics providers; and
Third parties with whom you engage to access our Services, such as online travel agencies or similar booking sites.
Publicly available sources such as social media

C. Information Use

We may use information collected about you for our business and commercial purposes, including to:

Provide you with services and products you request, including fulfilling reservations, conducting check-in/check-out, and providing Wi-Fi and other incidentals;
Respond to your questions or feedback or otherwise respond to your requests;
Operate, personalize, and improve the Services, including for analytics;
Administer loyalty, travel, or discount programs, including the Extended Perks Discount Program;
Send updates, marketing, and sales promotions you might be interested in;
Maintain security and integrity of our Services and assets and to debug to identify and repair errors that impair existing intended functionality in the Services;
Comply with applicable laws and regulatory requirements, or as requested by government or regulatory authorities or law enforcement, including in response to a court order, subpoena, or other lawful request; and
With your consent or as otherwise disclosed at the time information is collected. permitted by you when we receive your consent.

D. Information Sharing

We may share information we collect with third parties, including the following:

Other entities within our corporate family of companies and joint partners;
Franchised Hotels as necessary to provide Services and operate our brand;
Online travel agencies or similar third-party services you use to book your stay at our hotels or otherwise engage our Services;
Corporate/national account administrators;
Group booking point of contact;
Our service providers, such as payment processors, marketing services, analytics services, and customer experience vendors, who help us operate our business
Law enforcement or other authorities pursuant to a subpoena, warrant, or other legal process as necessary to comply with law or to protect our rights and interests or the safety of you or others;
Prospective or new successor entities in connection with a potential or actual merger, divestiture, acquisition, restructuring, reorganization, dissolution, change of control, or other sale or transfer of some or all of our assets, including as part of bankruptcy proceeding; and
With your consent or as otherwise disclosed at the time of data collection or sharing.

We may share aggregate or deidentify information without limitation.

Please note California law gives consumers the right to opt out of “sales” or “sharing” of Personal Information, as those terms are defined by California law.

E. Information Retention

We retain personal information that we collect for as long as we need to use it in connection with our business and in accordance with our standard practices or in compliance with applicable laws. When we no longer need the personal information, we will deidentify, aggregate, or delete this information where required by law.

III. DIGITAL ANALYTICS & ADVERTISING

We partner with certain third-party service providers to collect information about your use of the Site and App and other sites and apps over time for non-advertising purposes, such as analytics, auditing, research, and reporting. We use Adobe Analytics to help us understand how our customers use the Site and App across devices (e.g., mobile phone, computer). You can read more about how Adobe Analytics collects and uses data when you visit our Site and App, and opt out of the use of cookies in web browsers by Adobe Analytics by clicking here. We also use Google Analytics to help us to improve and personalize the overall the experience of our Site and App, identify and address search results for your local area, and understand usage of our Services. For more information about how Google Analytics collects and uses data when you use our Site, visit www.google.com/policies/privacy/partners, and to opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.

We also partner with third parties who provide advertising services that are based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices.

For more information about interest-based advertising and how to opt out of interest-based advertising on websites by third parties that participate in self-regulatory programs, visit the Network Advertising Initiative at https://www.networkadvertising.org/understanding-online-advertising/what-are-my-options and/or the Digital Advertising Alliance at youradchoices.com. If you delete your cookies or use a different browser or mobile device, you may need to renew your opt-out choices exercised through the DAA Webchoices tool. You may opt out of interest-based advertising through Adobe Target by visiting https://hvmllc.tt.omtrdc.net/optout.

Please note that electing to opt out will not stop advertising from appearing in your browsers or applications. It may make the ads you see less relevant to your interests.

Additionally, your browser may offer tools to limit the use of cookies or to delete cookies; however, disabling some or all cookies could mean you will be unable to access certain content on the Site or use all features.

IV. LINKS TO OTHER SITES

The Site and App may contain links to websites or platforms owned or controlled by other companies, such as Facebook, Instagram, LinkedIn, Twitter, and YouTube. We have no control over and are not responsible for the data collection and use practices and privacy policies on third-party websites that you may access from our Site or App. We encourage our users to be aware when they leave our Services and to read the privacy statements of any other sites that collect personal information.

V. EEA AND UK RESIDENTS

This section applies to residents of the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”).

A. Lawful Basis for Processing

We may collect and process personal data about you where the laws of your jurisdiction permit it. We may rely on the following legal bases to process personal data about you:

Contract: It is necessary to process your personal data to perform a contract with you or because you have requested we do something before creating a contract with you that requires we process your personal data. For example, we process your name and payment data to fulfill your reservation.
Legitimate Interest: There is a commercial or business interest that is important to us or others which we’ve balanced against your privacy rights. For example, we may use your email address to provide you with marketing information, if permitted by your preferences..
Consent: We have asked for your permission to use your personal data. For example, we may ask for your permission to use your phone’s geolocation data to provide you better rates on our services.
Legal Obligation: It is necessary to use your personal data so that we can fulfil our legal and regulatory obligations. For example, some recordkeeping laws require we collect and retain certain information about our guests.

B. Transfers outside of the EEA or UK

Personal information may be transferred to the United States and to service providers in countries outside the EEA or UK and may be stored and processed manually and electronically through global systems and tools for the purposes outlined above.

C. Your Rights

See Section VII (“Your Rights and Choices”) of this Privacy Notice below for more information regarding rights that may be available to you.

VI. STATE PRIVACY NOTICE

California, Colorado, Connecticut, Utah, and Virginia residents have certain rights with regard to their personal information. If you are a resident of one of these states, this section of the Privacy Notice contains disclosures required by law. See Section VII (“Your Rights and Choices”) below for more information about the rights that may be available to you.

A. Collection, Use, and Disclosure of Personal Information

In the preceding 12 months, we collected and disclosed the following categories of personal information.

Categories of personal information	Do we collect?	What purposes do we collect for?:	Do we disclose for a business purpose, and if so, to what third parties:	Do we sell or share for advertising and, if so, to what types of third parties?
Personal and online identifiers (like first and last name, email address, or unique online identifiers)	Yes	Hotel Services, Payments, Communications, Marketing, Guest Safety, Improving Our Services, Operations	Yes – Reservations, Payment, Marketing, Technology, Operations	Not sold Shared to technology and advertising providers
Customer record information (like bank account number, credit card number, debit card number, or driver’s license number)	Yes	Hotel Services, Payments, Communications, Marketing, Guest Safety, Improving Our Services, Operations	Yes – Reservations, Payment, Technology, Operations	Not sold or shared
Characteristics of legally protected classifications (like disability status)	Yes	Hotel Services, Marketing, Guest Safety, Operations	Yes – Technology, Operations	Not sold or shared
Biometric Information (like DNA, imagery of the iris, retina, fingerprint, facial recognition, and other technologies)	No	N/A	No	N/A
Commercial or transactions information (like records of personal property or products or services purchased, obtained, or considered)	Yes	Hotel Services, Communications, Marketing, Improving Our Services, Operations	Yes – Marketing, Technology, Operations	Not sold Shared to technology and advertising providers
Internet or other electronic network activity information (like browsing history, search history, interactions with a website, email, application, or advertisement)	Yes	Marketing, Improving Our Services, Operations	Yes – Technology, Operations	“Sold” to Affiliate marketing companies Shared to technology and advertising providers
Geolocation information (including precise geolocation)	No	Marketing, Improving Our Services, Operations	Yes – Technology, Operations	Not sold or shared
Sensory information (like videos and photos)	Yes	Guest Safety, Improving Our Services, Operations	Yes – Technology, Operations	Not sold or shared
Professional or employment-related information	No	N/A	No	Not sold or shared
Inferences drawn from the above information about your predicted characteristics and preferences	Yes	Marketing, Improving Our Services.	Yes – Marketing, Technology	Not sold Shared to technology and advertising providers

We collect personal information from all categories of sources described in Section II.B (“Sources of Information”) of this Privacy Notice.

We collect, use, and disclose personal information for the business and commercial purposes described in Section II.C (“Information Use”) of this Privacy Notice.

We do not sell or share the personal information of minors we know are under 16 years old.

B. Notice of Financial Incentive

Our Extended Perks Discount Program (“Extended Perks”) collects personal information, including name, email address, and stay preferences, to facilitate its operations and provide you with discounts, offers and deals. Participating in Extended Perks is entirely optional and is subject to its terms and conditions. You can opt in by signing up for an Extended Perks account. The amount and nature of these benefits will be determined by the extend of your participation in Extended Perks. We may adjust the terms of participation from time to time.

You may terminate Extended Perks participation at any time by contacting us at dataprivacy@extendedstay.com to delete your account. Upon a termination request, some Extended Perks data associated with the terminated account may be retained for record keeping and other legally permissible purposes. We may continue to process information about you in connection with your transactions with ESH.

The price and service differences, such as discounts and credits, that are available to you through Extended Perks are based upon our reasonable determination of the value that we receive from collecting, retaining, and selling (as defined by applicable law) personal information about you in connection with operating our business. This estimated value takes into account a variety of factors as permitted by law, including (but not limited to) our expenses incurred in collecting and processing the information, our expenses incurred in providing rewards to you, and the estimated marginal revenue that we may derive from information related to a specific Extended Perks participant.

VII. YOUR RIGHTS AND CHOICES

A. Your Rights:

Residents of certain jurisdictions, including the EEA, U.K., California, Colorado, Connecticut, Virginia, and Utah, have rights with respect to the personal information collected by us. You may be able exercise the following rights, subject to certain exceptions and limitations.

Rights to Confirm and to Know: The right to confirm whether we are processing personal information about you and to request that we disclose the categories of personal information we collected about you individually, the categories of sources from which the information was collected, the business or commercial purposes for which we collected or sold that information, and the categories of third parties to whom the information was sold or disclosed for a business purpose in the last 12 months..
Rights to Access and Portability: The right to request access to the personal information we maintain about you and to request a portable copy. You may have the right to request we transmit a copy of personal information about you to another business.
Right to Correct Inaccuracies: You may have the right to correct inaccuracies in the personal information we have collected about you.
Right to Delete: You may have the right to request we delete personal information that we have collected or maintain about you.
Right to Opt-Out of Sale or Sharing: You may have the right to opt out or ask us not to sell or share your personal information. To exercise this right, click the “Do not sell or share my personal information” link located on the home page of the Site or App or use one of the methods listed below under “Submitting a Rights Request.”
Rights to Restrict or Object to Processing: Depending on your jurisdiction, you may have the right to limit or object to our processing of personal information in certain circumstances.
Right to Limit Processing of Sensitive Personal Information: Depending on your state, you may have the right to limit our processing of certain “sensitive” personal information (or to withdraw consent for such processing if you previously gave it).
Right to Withdraw Consent: The right to withdraw consent you previously provided to processing your personal information.
Right Not to Receive Discriminatory Treatment: You have the right not to be discriminated against for the exercise of the above privacy rights.

If you are unhappy with our response to your request, we hope you will reach out to us first at dataprivacy@extendedstay.com. For residents of the EEA and the UK, if you are still unhappy, you have the right to complain to your data protection authority.

Additionally, for Colorado, Connecticut, or Virginia residents, if you have submitted a request that you believe we have not reasonably fulfilled, you may contact us to appeal our decision by sending an email with the subject line “Appeal” to dataprivacy@extendedstay.com.

To exercise any of the rights identified above, you may submit a request through Privily.io at https://portal.privily.io/dataSubject?cStartId=a80cf585c61490a1d0dce42d25198db4, calling 877.651.2124 to speak to an ESH representative, or write our Privacy Officer at 13024 Ballantyne Corporate Place, Suite 1000, Charlotte, NC 28277 or dataprivacy@extendedstay.com.

You may exercise these rights yourself or have the option to designate an authorized agent to submit a request on your behalf. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum, your name and email address.

If you would like an authorized agent to submit a request on your behalf, please contact us using the methods in above for instructions and details on proof and information required for use of an authorized agent. We may need to also contact you directly to verify the request.

B. Update Your Contact Information:

- If you want to update or correct your contact information with us, please contact us using the telephone number or email in the “Contact Us” section at the end of this Privacy Notice.
- You may also use any “Contact Us” feature on www.extendedstayamerica.com or update contact information within any user account you maintain with us.

C. Enable / Disable App Location Tracking:

- You can choose whether or not to allow the App to collect and use real-time information about your device’s location through your device’s settings
- You can manage these preferences when the App is first launched or at a later stage by using the setting on your mobile device.
- If you block the use of location information, the App may not function as intended and certain features may not be available to you.
- If you choose to turn off the precise geolocation feature on your device, you may not be able to use certain functions available through this functionality such as searching for hotels nearby. This is because the precise geolocation feature is used to provide you with more relevant and localized search results.

D. Promotional Emails:

- If you receive any promotional email communication from us, you will be given the option to “unsubscribe” from further promotional email communications from us if you wish to stop receiving these communications.
- If you opt out of receiving promotional emails, we will still send you messages related to our transactions and relationship with you, including reservation information.

E. Interest-Based Advertising:

- For choices with respect to third-party interest-based advertising activities, please see the “Digital Analytics & Advertising” section above.

VIII. AUTOMATED LICENSE PLATE RECOGNITION USAGE AND PRIVACY POLICY

In some locations, ESH has permitted local law enforcement to place automated license plate readers (ALPR) on ESH properties. ESH does not have access to any information from these ALPRs and is not an “end user” of such information. ALPRs are installed and maintained by Flock. You can read Flock’s privacy notice at: https://www.flocksafety.com/privacy-policy as well as additional privacy FAQs at: https://www.flocksafety.com/faq/privacy-and-access.

IX. UPDATES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will post a link to the revised Privacy Notice on the homepage of our site. You can tell when this Privacy Notice was last updated by looking at the date at the top of the Privacy Notice. We encourage you to visit this page periodically to learn of any updates.

X. CONTACT US

For questions or comments regarding this Privacy Notice, including to exercise your rights, please contact Guest Services at 877.651.2124 or you may write our Privacy Officer at 13024 Ballantyne Corporate Place, Suite 1000, Charlotte, NC 28277 or dataprivacy@extendedstay.com.