Introduction

Our Privacy Commitment
The Plaza Hotel understands the right to privacy and is committed to keeping your information secure.

About this Privacy Policy
This Privacy Policy is an overview of how The Plaza Hotel processes personal information about individuals.

The list below sets out what is covered in this Privacy Policy and you can click on the headings below to go to a specific section:

1. SCOPE AND RELATIONSHIP WITH ACCOR SA
2. DEFINITIONS
3. TYPES OF INFORMATION WE PROCESS
4. REASONS FOR PROCESSING YOUR INFORMATION
5. CHILDREN
6. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
8. HOW WE SAFEGUARD YOUR INFORMATION
9. HOW LONG WE KEEP YOUR PERSONAL DATA
10. YOUR RIGHTS
11. UNIVERSAL OPT-OUT MECHANISMS
12. CHOICES ABOUT YOUR INFORMATION
13. THIRD PARTY LINKS
14. ACCESSIBILITY
15. CONTACT US
16. UPDATES TO THIS PRIVACY POLICY

SCOPE AND RELATIONSHIP WITH ACCOR SA

This Privacy Policy governs the handling of Personal Data by The Plaza Hotel while carrying on commercial business and activities. This Privacy Policy is designed to also assist you in understanding how we collect, use, and safeguard information you provide to us in using our website (“Site”) and the services provided through our Site (“Services”).

Most Accor branded hotels are operated under a franchise or management agreement between the hotel’s owner and Accor SA (or one of its subsidiaries across the world).

When staying in one of these hotels, your Personal Data will be processed by the hotel and by Accor SA, both acting as Data Controllers for their own, separate, purposes.

Accor SA will process your data because it manages a central booking engine, which allows Accor SA to collect the data necessary to organize your stay in hotels under an Accor brand and to communicate this data to the concerned hotels. Accor SA also manages a global database of clients who stay in hotels under an Accor brand and Accor SA also manages the ALL loyalty programs. To know more about data processing activities under Accor SA’s control, please see the Accor Personal Data Protection Charter.

The Plaza Hotel will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to perform marketing activities and to comply with its legal obligations.

DEFINITIONS

We use the following definitions in this Privacy Policy:

“We” or “us” means The Plaza Hotel and Accor SA.

“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of us (or our representatives or service providers).

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

TYPES OF INFORMATION WE PROCESS

Information You Provide

We may collect the following Personal Data that you voluntarily provide to us:

• To book a hotel, spa, or restaurant reservation, you will provide us with your name, phone number, email address, physical address, and credit card information. We also may collect other information such as your job title, employer name, and hotel stay preferences. To book a spa reservation, you will also provide us with your gender.
• Event Consultation. To request an event consultation, you will provide us with your name, email address, phone number, and physical address.
• Other Activities. We may collect other types of Personal Data depending on your interaction with us during your stay, including your date of birth, photographs and digital imagery, government-issued identification in accordance with applicable law (e.g., driver’s license, passport, professional license number), vehicle information (e.g., license plate number), agreements, your communications preferences, and queriers you make to us.

Information as You Navigate Our Site

We automatically collect certain Personal Data through your use of the Site and Services, such as the following:

• Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
• Device Information. For example, hardware model, operating system, application version number, and browser.
• Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
• Location Information. Location information from Site visitors on a city-regional basis.

Third Party Information

In some cases, we may receive certain Personal Data from you about a third party. For example, if you make an event consultation request, you may provide the name, phone number, email address, phone number, and physical address of a third party. If you submit Personal Data about another individual to us, you are responsible for making sure you have the authority to do so and to allow us to use their Personal Data in accordance with this Privacy Policy.

REASONS FOR PROCESSING YOUR INFORMATION

We use the Personal Data we collect for purposes including, but not limited to:

• Proceeding with the orders of our products and Services;
• Responding to enquiries, and inviting individuals to our events;
• Making reservations and responding to inquiries about our event venues;
• Conducting surveys and interviews with prospective customers and website visitors to improve our products and services;
• Providing information about our products and Services;
• Complying with regulatory obligations;
• Improving the content, functionality and usability of our Site;
• Personalizing the content of our Site according to the user’s interests;
• Managing and administrating our business; and
• Any other purpose identified in applicable Privacy Notices, or other agreements between you and The Plaza Hotel. When you make a reservation on a business partners’ website, take the time to read their privacy notice if you want to understand how these business partners may process your personal data.

Where we process Personal Data, we make sure that we have a lawful basis, including:

• Receiving and evaluating information is necessary to perform our contractual obligations with our customers;
• You have provided the required consent (in which cases, such consent can be withdrawn at any time);
• Processing is necessary to comply with legal and regulatory obligations;
• Processing is necessary to protect the vital interests of an individual;
• Processing is in the public interest;
• Processing is necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
• Processing is in The Plaza Hotel’s legitimate interests, such as
  • managing and administrating the operation of our business effectively and efficiently;
  • complying with internal policies and procedures;
  • monitoring the use of our copyrighted materials;
  • conducting scientific and statistical research;
  • improving our products and services;
  • enabling quick and easy access to information on The Plaza Hotel offerings and services;
  • offering optimal, up-to-date security solutions for IT systems and mobile devices; and obtaining further knowledge of current threats to network security to update our security solutions and provide these to the market.

CHILDREN

We will not collect personal information for children under the age of 13 without prior, verifiable consent from his or her legal representative.

DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We may share your Personal Data within the The Plaza Hotel and its managers and owners for the purposes described above.

We may also share your Personal Data outside of the The Plaza Hotel for the following purposes:

• With vendors for the purposes of providing services to us (for example, web design, web support, information technology and communications providers). These vendors will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;
• To the extent required by law, for example if we are under a duty to disclose your Personal Data to comply with any legal obligation (including, without limitation, to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend its legal rights;
• With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events; and
• For any other purpose disclosed by us when you provide the Personal Data or for any other purpose we deem necessary, including to protect the health or safety of others

INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Plaza Hotel is an establishment that serves global customers. Our customers and our operations are connected globally. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.

If we transfer your Personal Data to a country located outside the European Economic Area (“EEA”), we will ensure that it is protected and transferred in a manner consistent with the legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:

The country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;

The recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data; or

In other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.

HOW WE SAFEGUARD YOUR INFORMATION

We maintain commercially reasonable security measures to protect the Personal Data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.

HOW LONG WE KEEP YOUR PERSONAL DATA

How long we will hold your Personal Data for will vary and will be determined by the following criteria:

• The purpose for which we are using it – The Plaza Hotel will need to keep the data for as long as is necessary for satisfying that purpose.
• Legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
• Events and venue inquiries received from the Site will be retained for no more than 18 months from the date of submission.
• “Send a Note to Eloise” form submissions will be retained for no more than 18 months from the date of submission.
• Additions to The Plaza Hotel mailing list are user dependent. A subscriber (recipient of the mailing list) can unsubscribe at any time.

YOUR RIGHTS

Under the applicable law (e.g., European data privacy law), you may have the following rights:

• The right to obtain information regarding the Processing of your Personal Data and access to the Personal Data which we hold about you;
• The right to withdraw your consent to the Processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
• In some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to The Plaza Hotel;
• The right to request that we rectify your Personal Data if it is inaccurate or incomplete;
• The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it;
• The right to object to, or request that we restrict, our Processing of your Personal Data in certain circumstances. There may be circumstances where you object to, or ask us to restrict, our Processing of your Personal Data, but we are legally entitled to refuse that request;
• The right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us; and
• The right to provide instructions regarding the Processing of data after your death.

You can exercise your rights by contacting us using the details listed in paragraph 11 below.

UNIVERSAL OPT-OUT MECHANISMS

The Site recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here:  https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

CHOICES ABOUT YOUR INFORMATION

Review and Request Changes to Your Personal Data

To review or request changes to any of your Personal Data, please contact us at PLZ.DataProtection@fairmont.com.

Marketing Communications

To unsubscribe from our marketing emails, please click the unsubscribe link included in the footer of our emails. You also may submit a request to us at PLZ.DataProtection@fairmont.com.

THIRD PARTY LINKS

The Site and Services may contain links that will let you leave the Site and Services and access another website. Linked websites are not under our control. Except as stated below, this Privacy Policy applies solely to Personal Data that is acquired by us on this Site and Services. We accept no responsibility or liability for these other websites.

ACCESSIBILITY

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

CONTACT US

If you have any questions about this Privacy Policy, or to obtain more information about The Plaza Hotel’s handling of your Personal Data or anything data related request, please contact our Data Protection Officer using the following contact information:

Address:
Attention: Data Protection Officer
768 5th Ave
New York, NY 10019

Email Address:
PLZ.DataProtection@fairmont.com

Verifying the identity of the requester

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity, you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document will suffice.

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Data Protection, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, The Plaza Hotel’s Data Protection Officer will provide you with the contact information for that regulator.

UPDATES TO THIS PRIVACY POLICY

We may change this Privacy Policy at any time. Any changes will become effective when we post the revised Privacy Policy on this website. Your use of our services following these changes means that you accept the revised Privacy Policy. We recommend that you regularly review the Privacy Policy when you visit our Site.

This policy was last updated January 10, 2024.

YOUR STATE PRIVACY RIGHTS AND ADDITIONAL DISCLOSURES

Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Notice to California Residents” section below. For other state residents, your privacy rights may include (if applicable):

• The right to confirm whether or not we are processing your personal data and to access such personal data;
• The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
• The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
• The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
• The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
• If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and
• The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

We use cookies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies. We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request through our interactive webform available here or by calling us at 833.244.4421.  If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision through our interactive webform available here or by calling us at 833.244.4421. If you would like to opt out of targeted advertising, you may alter your cookie preferences here.

NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is publicly available, deidentified or aggregate information or lawfully obtained, truthful information that is a matter of public concern.  For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

NOTICE AT COLLECTION OF PERSONAL INFORMATION

We currently collect and, in the 12 months prior to Last Updated date of this Privacy Policy, have collected the following categories of the Personal Information:

• Identifiers (name, postal address, online identifier, Internet Protocol address, email address)
• Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)
• Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (telephone number, education information, professional or employment-related information (including employment history))
• Credit and debit card number
• Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
• Geolocation data
• Commercial information (records of services purchased)
• Characteristics of protected classifications under California or federal law (sex/gender)

We collect Personal Information directly from California residents and from data analytics providers. We do not collect all categories of Personal Information from each source.

In addition to the purposes stated above in the Section “REASONS FOR PROCESSING YOUR INFORMATION” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:

• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
• Helping to ensure security and integrity to the extent the use of the consumer’s Personal Information is reasonably necessary and proportionate for these purposes
• Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with us, provided that the consumer’s Personal Information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us
• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, or providing similar services
• Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service
• Advancing our commercial or economic interests, such as by inducing another person to buy services

SALE, SHARING, AND DISCLOSURE OF PERSONAL INFORMATION

The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated date of this Privacy Policy and, for each category, the categories of third parties to whom we sold or shared Personal Information:

We sold or shared Personal Information to third parties for the following business or commercial purposes:

• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
• Advancing our commercial or economic interests, such as by inducing another person to buy services

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed Personal Information.

We disclosed Personal Information for the following business or commercial purposes:

• Helping to ensure security and integrity to the extent the use of the consumer’s Personal Information is reasonably necessary and proportionate for these purposes
• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, or providing similar services

We do not knowingly collect, sell, or share the Personal Information of consumers under 16 years of age. We do not use Sensitive Personal Information for purposes other than those the CCPA and its regulations allow for.

RETENTION OF PERSONAL INFORMATION

We will retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us and as outlined in the “HOW LONG WE KEEP YOUR PERSONAL DATA” section above.

YOUR RIGHTS

If you are a California resident, you have the following rights with respect to your Personal Information:

• The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
• The right to delete Personal Information that we collected from you, subject to certain exceptions;
• The right to correct inaccurate Personal Information that we maintain about you;
• If we sell or share Personal Information, the right to opt out of the sale or sharing;
• If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
• The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

HOW TO SUBMIT A REQUEST TO KNOW, DELETE, AND/OR CORRECT

You may submit a request to know, delete, and/or correct through our secure interactive webform available here, or by contacting our Data Protection Officer using the following information.

Address:
Attention: Data Protection Officer
768 5th Ave
New York, NY 10019

Phone:
833.244.4421

Email Address:
PLZ.DataProtection@fairmont.com

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.

OUR PROCESS FOR VERIFYING A REQUEST TO KNOW, DELETE, AND/OR CORRECT

We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such a request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

RIGHT TO OPT OUT OF SALE OR SHARING OF PERSONAL INFORMATION

If you are a California resident, you have the right to direct us to stop selling or sharing your Personal Information.

To opt out of our selling and sharing of Personal Information through our online targeted advertising activities, please click here.  To also opt out of our selling and sharing of Personal Information with third parties, please also fill out our webform here.

If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out.

NOTICE OF FINANCIAL INCENTIVE

From time to time, you may have the opportunity to provide Personal Information in exchange for discounts and price differences. For example, we provide a loyalty program. Categories of Personal Information that we may collect when you join our loyalty program include your name and email address.

How to Opt In and Right to Withdraw

Signing up for discounts and price differences is optional. By providing your email address during the loyalty program sign-up process, you affirmatively opt in to receiving the financial incentive and to joining our loyalty program. You have the right to withdraw from the financial incentive at any time. If you opt out of receiving a financial incentive, we will not reduce the value of any financial incentives you previously received from us. If you wish to withdraw from receiving the financial incentive, you can terminate your loyalty program membership or you may submit such a request by emailing us at PLZ.DataProtection@fairmont.com.

How the Financial Incentive is Reasonably Related to the Value of Your Personal Information

The financial incentive is reasonably related to the value provided by your Personal Information. We take into consideration, without limitation, the anticipated revenue generated from such information, the anticipated expenses which we might incur in the collection, storage, and use of such information, and the anticipated expenses which we might incur related to the offer, provision, and imposition of any financial incentive or price difference. Based on this analysis, the value of your Personal Information that allows us to make these offers and financial incentives is the value of the offer itself.

SHINE THE LIGHT LAW

We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

The Plaza
Fifth Avenue at Central Park South
New York, New York 10019
Direct: (212) 546-5249    Mobile: (646) 623-0247
fairmont.com/theplaza  •   theplazany.com