Privacy Notice

Last Updated: September 21, 2022

I. INTRODUCTION

This Privacy Notice describes the information ESA Management, LLC and ESH Hospitality Strategies, LLC and its subsidiaries (collectively, “ESH”) collect about you, how it is shared, your rights and choices with regard to your personal information, and how we secure your information. This Privacy Notice applies to personal information collected by or on behalf of ESH (“we,” “us”), including information collected at our hotels, our websites at www.extendedstayamerica.com and other websites offered by us including mobile versions of those sites that link to this Privacy Notice (collectively, the “Site”), our social media pages, our mobile application and other software applications that we offer for use on or through computers and mobile devices that reference or link to this Privacy Notice (each an “App”), by email, by phone or other offline method, or anywhere else we display this Privacy Notice (collectively, the “Services”, and the users of our Services, the “Users”). This Privacy Notice also applies to the personal information about you that we receive from a third party, including Franchised Hotels (defined below), unless specifically covered by such third party’s privacy notice.

By staying at one of our properties or by accessing or using the Services, you are acknowledging that you have read and understand this Privacy Notice and agree to the terms in effect at the time of your use. If you do not agree with or consent to the terms of this Privacy Notice, please refrain from using or engaging with the Services, or if you are already using the Services, please immediately discontinue your use of the Services.

Certain hotels are franchised under the Extended Stay America® family of brands (“Franchised Hotels”). We do not own or operate these hotels, and we do not control the collection, use, or access of your information by Franchised Hotels and their staff. Franchised Hotels collect and process credit card information and receive payment for your stay, and the rules of their credit card processors will govern the security of your payment information.

For purposes of this Privacy Notice, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that has been aggregated, de-identified, anonymized, or made publicly available in accordance with applicable law.

II. HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION

We may collect personal information from hotel guests or visitors (“Hotel Guests”) and Users in different ways and for different purposes. For example, if you are a Hotel Guest, we may collect personal information from you to process a reservation in our network of hotels or if you elect to participate in our hotel rewards program. If you are a User, we may collect personal information from you if you visit our Site, create an account with us through the Services, or send us a message through the Services.

We collect personal information in the following ways: 1) information you provide to us when you use the Services or visit our hotels, and 2) information collected automatically when you interact with the Site, App or certain features of our hotels. The tables below describe the categories of personal information we may collect about you or may have collected about you in the last twelve months, the sources from which we collect that personal information, the purposes for which we may use that information, and the third parties with whom we may share that information. It is important to note that the types of personal information we collect will depend on your interaction with the Services, including whether you are a Hotel Guest or a User and the types of Services that you use.

A. Personal Information Collected from Our Hotel Guests

Categories of Personal Information Collected	Contact Information, such as name, phone number, email address, mailing address Payment Information, such as billing address or credit card information Stay Preferences such as room type and floor Driver’s License or Other Identity Card Information, including the identification number, name, address, date of birth, gender, and photo image Reservation Record, such as reservation or folio with dates or other booking information about your stay Comments or Feedback, such as comments or feedback relating to the Services or stay at hotel Group Membership, such as association number (e.g., AAA), corporate account number or group booking number Recordings, such as video, photo, and audio data captured on phone calls to the call center or from closed-circuit TV cameras placed in public/common areas of the hotel or property for security purposes Health Information, in limited circumstances, including information about your COVID-19 testing status if you voluntarily choose to provide it to us In addition to those listed above, we may also collect the following categories of information from Users: Online Activity Information that is collected automatically when Users interact with the Site or App, such as IP address, browser type, language preferences, referring sites, cookies, browser type, device operating system, pages viewed on the Site and Site usage statistics Access Credentials including username and password when you create an account through the Services Geolocation Data (as further described below) App Usage Data that captures how you interact with the App and the content you visit Device Data about the mobile device used to interact with the App such as device type, unique device identifier, and mobile network information
Sources of Information	Customers, guests, visitors or other consumers whether in-person at our hotels, through our call centers, through our guest feedback platforms or otherwise through the Services Management and/or owners of Franchised Hotels Corporate/national account administrators Our service providers such as vendors that provide marketing services, analytics services or lead generation Third-Parties with whom you engage to access our Services, such as online travel agencies or similar booking sites Digital Information collected from satellite or cell phone towers, closed-circuit TV cameras placed in public/common areas, license plate readers, Wi-Fi signals or similar technologies when Users engage with the Services Cookies and similar technologies that we use on the Site or in our App, or in the emails we send to you.
Uses of Information	We may use information collected about Hotel Guests and Users for our business and commercial purposes, including to: Provide our services and products, respond to your questions or feedback, send you information about our offerings and promotions, or otherwise communicate with you or respond to your requests Perform analytics to provide you with personalized offers and content and improve business operations Process payment to provide requested services (e.g., facilitate reservation processing, including payment, check-in/check-out, provide Wi-Fi / laundry / other incidentals) Enable you to view information about past and upcoming stays Provide and compile customer satisfaction surveys Provide you with customer support and a personalized experience when you interact with the Services Administer loyalty, travel, or discount programs, including the Extended Perks Discount Program Conduct marketing and sales promotions and serve targeted advertising promotions and other events and services you might be interested in. Conduct social media campaigns Develop new goods or services, improving or modifying our services, evaluating our promotions and marketing Maintain security and protection of our systems and assets and to debug to identify and repair errors that impair existing intended functionality in the Services Monitor fraud, prevent losses, or detect security or other safety incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity Maintain a safe environment (e.g. minimize the risk of COVID-19 spreading amongst guests and employees in our properties), serve you better, and meet your particular needs Communicate with you, including to verify your identity if you make requests regarding your personal information Train our employees Comply with applicable laws and regulatory requirements, or as requested by government or regulatory authorities or law enforcement, including in response to a court order, subpoena, or other lawful request As otherwise permitted by you when we receive your consent
Sharing Information	Except as described in the Privacy Notice, we do not share your information outside our corporate family of companies without your consent. We may share your information with: Other entities within our corporate family of companies Management and/or owners of a Franchised Hotel as necessary to provide Services and operate our brand Online travel agencies or similar third-party services you use to book your stay at our hotels or otherwise engage our Services (an extract of your bill (including the dates of your stay, your credit card details and amounts incurred at our hotel property including room charges and all incidental charges and service fees) may be disclosed to your third-party booking agency to facilitate payments) Corporate/national account administrators Group booking point of contact for group reservations Our service providers such as payment processors or vendors that provide: marketing services, analytics services customer experience, feedback, claims management or other vendors that help us operate our business Our attorneys, accountants and auditors or as necessary in connection with pending litigation or any regulation or legal investigation Other third parties as necessary for the uses described above, including law enforcement or other authorities pursuant to a subpoena, warrant, or other legal process as necessary to comply with law or to protect our rights and interests or the safety of you or others Prospective or new successor entities in connection with a merger, divestiture, acquisition, restructuring, reorganization, dissolution, change of control, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred There may also be times when we share aggregate information (that does not individually identify any particular person) with advertisers, business partners, subsidiary companies, affiliated companies, parent corporations, sponsors, joint venture partners and other third parties in an effort to customize or enhance the content and advertising of the Site for future users or to improve our marketing and promotional efforts. Franchised Hotels, as described in more detail below

B. Additional Information Regarding the Categories of Personal Information Collected

The following provides more details regarding some of the categories of personal information described in the tables above:

Geolocation Data: We or our service providers may receive information about your general location by collecting information such as your IP address. We may use location data to analyze certain information, and to improve our Services and relevance of the information we provide to you via the Services. We may also use your location information to enable us to better focus our advertising and marketing efforts and to better tailor your use of the Services to your unique interests and needs. Please note that if you do not share your location information then you may not be able to redeem certain offers and the App may have limited functionality.
Cookies and Other Online Tracking Data: Whenever you visit or interact with the Site or App, we, as well as our service providers, may use assorted technologies that automatically or passively collect information about how the Site is accessed and used, IP address, device ID and similar information, including by use of “cookies.” Cookies are small data files that are placed on a computer’s web browser for the purpose of keeping records. Cookies can enhance your online experience by personalizing your experience while visiting a particular website. We use cookies to help us identify Site features and content which are of the greatest interest, so we will be able to enhance this Site to enhance your web experience. We or our service providers may also use web beacons, pixel tags or similar technologies to track certain online activity. These tools help us determine various types of technical information. For example, when you ask us to send you information on a promotion or via newsletters, web beacons may be used to determine how many of the emails we send are actually opened. Most information we collect using cookies will be aggregated and not intended to identify individual Users but to the extent such information includes personal information, it will be treated in accordance with this Privacy Notice.
Tracking Tools and Analytical Data: We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting. These third parties may use server logs, tags, pixels, and similar technologies, and they may set and access cookies on your computer or other device. In particular, we use Adobe Analytics and Adobe Marketing Cloud Device Cooperative solutions to help us understand how our customers use the Site and App across devices (e.g. mobile phone, computer). These Adobe services allow us to deliver tailored promotions to our customers. You can read more about how Adobe Analytics uses your data here and opt out of the use of cookies in web browsers by Adobe Analytics by clicking here. To learn more about the Adobe Marketing Cloud Device Cooperative service, click here; and to opt out of the service, click here. We also use Google Analytics to help us identify and address search results for your local area and understand usage of our Services, which we use to improve and personalize the overall the experience for you. You can find out more about how to opt-out of our use of Google Analytics here.
Third-Party Advertising: We also partner with third parties to provide advertising services that are targeted based on your online activities that are tracked across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. We, or our service providers, may collect such information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited the Site to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.

For more information about interest-based advertising and cross-device linking, please visit the Adobe Target website. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below.

To opt out in web browsers using Adobe's opt-out tool, please visit: https://hvmllc.tt.omtrdc.net/optout

To opt out of advertising on your browser by third parties that participate in self-regulatory programs, visit the Network Advertising Initiative at https://www.networkadvertising.org/understanding-online-advertising/what-are-my-options, and/or the Digital Advertising Alliance’s consumer choice tool at https://optout.aboutads.info/?c=2&lang=EN

Please note that Adobe Target is the primary site personalization tool for the Site and disabling Adobe Target could mean you will be unable to access certain content on the Site or use all features. Please further note that each of the opt-out options described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again.

Some browsers have a Do-Not-Track (“DNT”) feature that lets you tell websites that you do not want to have your online activities tracked. When you choose to turn on the DNT setting in your browser, your browser sends a signal to websites, analytics companies, ad networks, plug-in providers, and other web services you encounter while browsing to stop tracking your activity via cookies or other tracking technologies. Please note that the Site does not currently respond to browser-based DNT signals. For information regarding DNT and how to enable this setting, if available on your devices, click here.

C. Additional Information Regarding Information Collected from Franchisees

Franchised Hotels are independently owned and operated. Your personal information collected or maintained directly by Franchised Hotels is not subject to this Privacy Notice, unless such information has been shared with us, in which case this Privacy Notice only covers our collection, use, and maintenance of your personal information. If you book a reservation directly with a hotel and that hotel utilizes our property management system, your personal information related to that reservation will be transmitted to and processed by us.

We may disclose your personal information and other information we collect to the owners, managers and operators of Franchised Hotels and owners of hotels that we manage (but do not own) that require access to your personal information for our business purposes and required to provide you with requested Services.

III. LINKS TO OTHER SITES

The Site and App may contain links to websites or platforms owned or controlled by other companies, such as Facebook, Instagram, LinkedIn, Twitter and YouTube. We are only responsible for our Site and App or Services that link to this Privacy Notice. We have no control over and are not responsible for the data collection and use practices and privacy policies on third-party websites that you may access from our Site or App. We do not guarantee the quality, content or availability of any third-party website to which a link may be provided. Any links are made available to you as a convenience, and you agree to use the links at your own risk. We encourage our users to be aware when they leave our Services and to read the privacy statements of any other site that collects personal information.

IV. CHILDREN’S PERSONAL INFORMATION

WE DO NOT ALLOW INDIVIDUALS WHO WE KNOW ARE UNDER 18 TO PARTICIPATE IN OUR SERVICES WITHOUT A PARENT OR GUARDIAN PRESENT. YOU MUST BE AT LEAST 18 YEARS OLD OR THE APPLICABLE AGE OF MAJORITY TO USE OUR SERVICE. PLEASE REVIEW THIS PRIVACY NOTICE WITH YOUR PARENT OR GUARDIAN IF YOU ARE UNDER 18. Please understand that we cannot necessarily tell if a user is providing us with his or her true age. If we become aware that we have unknowingly collected personal information from a child under the age of 18, we will make reasonable efforts to delete such information from our records right away. If a child has directly provided us with personal information, a parent or guardian of that child may contact us to have the information deleted from our records. To do so, contact us through the information provided below in the “Contact Us” section.

V. USERS OUTSIDE THE U.S.

We are headquartered in the United States and the Services are intended for Users in the United States. If you are located outside the United States, be advised that any information you provide to us will be transferred to and stored in the United States and to our service providers who may be located in other jurisdictions around the world, and that, by submitting information to us, you explicitly authorize its transfer and storage within the United States and other jurisdictions where the privacy laws may not be the same as the country in which you are located. We will protect the privacy and security of personal information according to this Privacy Notice regardless of where it is processed or stored. Do not provide us with personal information if you do not want your personal information to be transferred to the United States or to other jurisdictions, or if the laws in your country restrict these types of transfers.

VI. SECURITY

We use security safeguards and controls designed to protect your information from unauthorized access or use. Unfortunately, the transmission of information over the Internet is not completely secure. Therefore, we cannot guarantee the security of your personal information transmitted to the Services and any transmission is at your own risk. Once we have received your personal information, we will use reasonable efforts to implement procedures and security features to help prevent unauthorized access. However, due to the nature of evolving technologies, we cannot provide, and expressly disclaim, any assurance that the information you provide us will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.

VII. YOUR RIGHTS AND CHOICES

You have certain rights and choices with regard to personal information we collect, including the right to:

Update Your Contact Information:

If you want to update or correct your contact information with us, please contact us using the telephone number or email in the “Contact Us” section at the end of this Privacy Notice.
You may also use any “contact us” feature on www.extendedstayamerica.com or update contact information within any user account you maintain with us.

Enable / Disable App Location Tracking:

You can choose whether or not to allow the App to collect and use real-time information about your device’s location through your device’s settings
You can manage these preferences when the App is first launched or at a later stage by using the setting on your mobile device.
If you block the use of location information, the App may not function as intended and certain features may not be available to you.

Promotional Emails:

If you receive any promotional email communication from us, you will be given the option to “unsubscribe” from receiving further email communications from us if you wish to stop receiving these communications at any time, except with respect to emails relating to transactions (e.g., room or service bookings through the Service).
Your option not to receive promotional and marketing material will not preclude us from corresponding with you, by email or otherwise, regarding your existing or past business relationships with us, and will not preclude us from accessing and viewing your personal information in the course of maintaining and improving the Service.

VIII. NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with certain rights with regard to their personal information. This section explains those rights.

A. Collection of Personal Information

For details on the personal information (as defined by the CCPA) we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting that information, and the third parties with whom we shared that information, please refer to Section II. of our Privacy Notice – INFORMATION WE COLLECT AND HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION.

B. Your Rights

If you are a California resident, you have certain rights with regard to your personal information, pursuant to the CCPA. Those rights may only apply in certain circumstances and may be subject to certain exemptions. Please see the information below for a summary of your rights and how to exercise them. Please note that we may require certain identifying information about you as necessary for us to verify the request in accordance with applicable law.

Right to Know: You have the right to request that we disclose the categories of personal information we collected about you individually, the categories of sources from which the information was collected, the business or commercial purposes for which we collected or sold that information, and the categories of third parties to whom the information was sold or disclosed for a business purpose in the last 12 months.
Right to Access: You have the right to request access to the personal information specific to you individually, that we collected about you in the last 12 months.
Right to Delete: You have the right to request us to delete personal information that we have collected or maintain about you. Please note that certain exceptions apply to this right, such as when we must retain your information to comply with law. We will notify you of any such exceptions as applicable to your request.
Right to Opt-Out of Sale: You have the right to opt-out or ask us not to sell your personal information in the event ESH begins to sell personal information in the future. To exercise this right, click the DO NOT SELL MY PERSONAL INFORMATION link located on the home page of the Site or App or use one of the methods listed immediately below in subsection C.

We will not discriminate against any California resident who exercises any of the rights described above. Specifically, except as permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates, including through granting discounts or other benefits, or imposing penalties; provide you with a different level of service or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

C. How to Submit a Request

If you are a California resident and would like to exercise any of the CCPA rights identified above, you may submit a request by either clicking the link below or calling 877.651.2124 to speak to an ESH representative.

Click here to submit a privacy request through Privily.io.

D. Submitting a Request through Your Authorized Agent

If you are a California resident, you may exercise these rights yourself or have the option to designate an authorized agent to submit a request on your behalf. If you would like an authorized agent to submit a request on your behalf, please contact us using the methods in subsection C above for instructions and details on proof and information required for use of an authorized agent. We may need to also contact you directly to verify the request.

E. Disclosure of Personal Information

We disclosed personal information to third parties for business or commercial purposes during the last 12 months as further described in the INFORMATION WE COLLECT AND HOW WE COLLECT, USE AND SHARE PERSONAL INFORMATION Section II. of this Privacy Notice.
We also use cookies on the Site that collect data as further described in Section II.B (online tracking and analytics providers) section in our Privacy Notice and that includes information that is disclosed to advertising networks, which may be considered a “sale” under California law. Please refer to the online tracking and analytics providers section to learn more about opt-out options for third-party cookies and follow the Opt-Out of Sale instructions above to opt out of first-party cookies we deploy on the Site.
We do not knowingly collect the personal information of minors under age 18 and do not knowingly sell such information.

F. Notice of Financial Incentive

Our Extended Perks Discount Program (“Extended Perks”) collects personal information to facilitate its operations and provide you with discounts, offers and deals, including Contact Information and Stay Preferences (as defined in Section II.A). You can opt-out of non-Extended Perks marketing emails, or delete your personal information from our active marketing lists and retain your Extended Perks account and benefits. Participating in Extended Perks is entirely optional, but is subject to its terms and conditions. You must opt-in by signing up for an Extended Perks account. California consumers may make a personal information deletion request under the CCPA, but will maintain their Extended Perks account because such deletion requests will not terminate participation in Extended Perks. You may, however, terminate Extended Perks participation at any time by contacting us at dataprivacy@extendedstay.com to delete your account. Upon a termination request, some Extended Perks data associated with the terminated account may be retained for record keeping and other legally permissible purposes. For CCPA purposes, we treat the value of any personal information collected as the equivalent of relevant expenses related to the collection and retention of consumers’ personal information as part of Extended Perks, the details of which we maintain as a trade secret. We pay these expenses and provide the Extended Perks benefits to foster a positive relationship with our members that is invaluable.

G. Third-Party Marketing Disclosure

Under California Civil Code § 1798.83, California residents with whom we have a business relationship can request information about the types of personal information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom we shared such information in the last 12 months. You may request more information by emailing us at dataprivacy@extendedstay.com or using the contact information at the bottom of this Privacy Notice.

IX. UPDATES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time. When we make material changes to this Privacy Notice, we will post a link to the revised Privacy Notice on the homepage of our site. You can tell when this Privacy Notice was last updated by looking at the date at the top of the Privacy Notice. Any changes to our Privacy Notice will become effective upon posting of the revised Privacy Notice on the Services. Use of the Services, any of our products and services, and/or providing consent to the updated Privacy Notice following such changes constitutes your acceptance of the revised Privacy Notice then in effect.

X. AUTOMATED LICENSE PLATE RECOGNITION USAGE AND PRIVACY POLICY

We use Automated License Plate Recognition (ALPR) technology to collect information relating to vehicles present at various points of entry onto our physical properties located in California. We use this information to detect, prevent, investigate, report and address activities that may violate our policies, be illegal, or otherwise impact the safety or security of our employees, vendors, and Hotel Guests, as well as for loss prevention purposes.

ESH restricts access to ALPR technology and ALPR Information to only those ESH personnel with a need-to-know such information for their job requirements. Access is granted to ESA District Managers only. These personnel receive training in data security and the sensitivity of ALPR Information. ESH’s use of ALPR technology is overseen by Vice President of Safety & Security.

ALPR Information is securely stored on ESH’s vendors’ servers subject to access control processes and procedures. ALPR Information is password protected, encrypted in transit and storage, and not used for purposes other than those disclosed in this Privacy Notice. ESH takes reasonable measures to ensure accuracy and integrity of the ALPR information its vendors collect, including maintaining access controls and access logs (which includes the date/time information is accessed, license plate number, username of the person who accessed the information, and the purpose for accessing this information). ESH also monitors access logs to prevent unauthorized access. When using this information in connection with the investigation of an incident, ESH considers all available information, including information from other systems.

ALPR Information is stored for approximately seven (7) days before it is permanently deleted, unless we need to retain the information for compliance with applicable law, investigation of specific incidents, upon request of law enforcement or other valid legal processes.

ESH may disclose ALPR Information when we believe doing so is necessary to:

Protect the rights or property of ourselves or others, including detecting, investigating, and reporting suspicious activities to law enforcement;
Comply with the request of law enforcement to see ALPR data gathered during an identified time period.
Comply with applicable law or respond to legal process requests, including from law enforcement or other government agencies; or
Protect our ESH companies, our properties and inventory, our Hotel Guests and employees.

When ALPR Information is necessary for one of the above purposes, ESH uses reasonable safeguards, including encryption, to secure the transfer of ALPR information. ESH does not sell ALPR Information to third parties.

XI. CONTACT US

For questions or comments regarding this Privacy Notice, including to exercise your rights, please contact our guest services at 877.651.2124 or you may write our Privacy Officer at 11525 North Community House Road, Ste. 100, Charlotte, NC 28277 or dataprivacy@extendedstay.com.