Effective: March 20, 2024
Costa Sur Resort, Classico Collection by Sonesta provides this Privacy Notice (“Privacy Notice”) describing important information about how we collect, use, and disclose your personal data in the following circumstances:
- Through the website we own and control that link to this Privacy Notice (the “Online Services”),
- Through the social media pages we control, emails that we send, and other direct marketing activities (“Marketing Activities”),
- Through our interaction with business contacts in the context of their relationship with us (“Business Contact Activities”),
- When you visit one of the properties we own, operate, franchise, or license and through other in-person interactions with you (“Offline Activities”).
What Personal Data We Collect
- Personal data – We collect personal data about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers, including:
- Name
- Postal address
- Email addresses
- Telephone numbers IP Address and other online identifiers
- Credit card information and other payment data
- Financial information, in limited circumstances
- Account information, such as username and password
- Gender or gender expression
- Health information, from Guests with particular health concerns that they have shared with us
- Lifestyle information, such as room preferences and other information necessary to fulfill special requests (e.g., medical conditions that require room accommodations)
- Date of birth
- Nationality, passport, visa, or other government-issued identification information
- Visual information captured through CCTV cameras at our facilities
- Job title and employment affiliations
- Employer details
- Travel itinerary, tour group, or activity data
- Guest preferences and personalized data, such as your communications and language preferences, travel habits and preferences, food and beverage preferences, interests, activities, hobbies, prior stays or interactions, goods and services purchased, special service and amenity requests, and important dates (such as birthdays, anniversaries and special occasions)
- Social media account ID, profile photo, and other data publicly available, or data made available by linking your social media
- Information about family members and companions, such as names and ages of children
- Images, video, and audio data via security cameras and security personnel body cameras
- Geolocation information
- Other Data – We collect other data about you, including:
- Information regarding your use of our Online Services, including browser and device data, and data collected through cookies, pixel tags, and other technologies (these practices are more fully described below in the “Cookie Notice” section)
- Demographic data and other data provided by you
- Aggregated data relating to your stays
- How We Collect Personal Data
Online Services and Marketing Activities – We collect Personal Data through our Online Services and Marketing Activities when you:- Research and book a reservation
- Purchase products or services
- Make a customer service request
- Respond to a survey
- Update your contact information
- Participate in a competition, promotional activity, or sweepstakes
- Provide a testimonial, story, review, or comment
- “Like,” “Follow,” or otherwise connect with or post to one of our social media pages
- Interact with an email we send
- Offline Activities – We collect Personal Data during your visits to properties we own, operate, franchise, or license, and through other in-person interactions when you:
- Purchase or use on-site products and services, such as restaurants
- Attend promotional events that we host or in which we participate, or when you provide your personal data to facilitate an event.
- Business Partners – We collect Personal Data from companies with whom we partner to provide you with products, services, or offers based upon your experiences at our properties or that may be of interest to you. These business partners are independent from Costa Sur Resort, Classico Collection by Sonesta. Examples of our business partners include:
- Owners, franchisees, and licensees
- On-property retail and food and beverage outlets
- Travel agents and tour operators
- Time share partners
- Rental car providers
- Travel booking platforms
- Other Sources – We collect personal data from other sources, such as public databases, joint marketing partners, Guest devices that are connected to Wi-Fi we provide, and other third parties.
- Internet-Connected Devices – We collect personal data from internet-connected devices available in our properties.Why We Collect Personal Data
Why We Collect Personal Data
We collect the personal data above about our Guests so that we can provide an experience that is responsive to your needs and to enhance our offerings to you and our other customers. More specifically, we use the information in connection with the following:
- Our business transactions with you, including, but not limited to:
- Fulfilling bookings
- Entering into a contract with you
- Responding to your inquiries and fulfilling your requests
- Sending administrative information to you (for example, information regarding the Services)
- Completing and fulfilling any purchases or requests for services
- Our legitimate business interests, including, but not limited to:
- Providing any other specific products, services, and information you request from us
- Providing you our surveys, and other marketing and informational materials regarding our properties, products, and services (subject to your opt out right described in the “Opt Out” section below)
- Personalizing your experience on the Services by presenting products and offers tailored to you
- Allowing you to participate in sweepstakes, contests, and similar promotions, and to administer these activities (each of which may have additional rules and could contain additional information about how we process your personal data)
- Facilitating social sharing functionalities of your social media accounts
- Carrying out data analysis, audits, fraud monitoring and prevention, internal quality assurance, developing new products, enhancing, improving or modifying our Services, identifying usage trends, auditing use and functionality of our Services, helping enforce compliance with our Terms of Use, helping protect our Services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities
- Allowing you to send messages to a friend through the Services. By using this functionality, you are telling us that you are entitled to use and provide us with your friend’s name and email address
- Fulfilling any other purpose for which you provide your personal data or which we disclose to you at the time of disclosure
- Any consent you may have provided, including, but not limited to accommodating special requests due to health conditions.
- We will make it clear to you in advance that we are relying on your consent, and you have the right to decline to provide your consent and, if consent is provided, to withdraw your consent at any time
- As necessary or appropriate for legal reasons, including, but not limited to:
- To comply with our legal obligations
- To comply with legal process
- To respond to requests from public and government authorities, including those outside your country of residence
- To enforce our terms and condition
- To protect our operations or those of any of our affiliates and other third parties
- To protect our rights, privacy, safety, or property, or that of our affiliates, you, or other third parties, including to support and enhance our data security
- To allow us to pursue available remedies or limit damages we, our affiliates, or other third parties, may sustain
- Security
We seek to take steps to protect the information you provide us from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented physical, electronic, and managerial procedures to help safeguard and secure your
information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Unfortunately, no security system is 100% secure, thus we cannot guarantee the security of all information you provide to us via the Services.
Your Rights; Region-Specific Disclosures
Individuals in certain jurisdictions may have certain rights with respect to their personal data. These may include the right to access your personal data, to request corrections to your personal data if it is inaccurate, to ask us to erase your personal data, or to restrict or object to the processing of your personal data.
If you make a request related to personal data about you, we may need to verify your identity. You may submit a request using the means described under the “Contact Us” section below.
If you are a resident of the European Economic Area, the United Kingdom, or the state of California or Virginia, please follow the below links for additional information:
- Our business transactions with you, including, but not limited to:
- European Economic Area or United Kingdom – For individuals in the European Economic Area or the United Kingdom, please click here for additional detailed disclosures (“EEA and UK Disclosures”).
- California and Virginia – For California and Virginia residents, please click here for additional detailed disclosures (“State Privacy Disclosures”).
Policy Changes
At times our Privacy Notice may be changed, and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
Contact Us
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, please contact us by any of the following means:
- by calling our Compliance Hotline at 855.251.0649
- by mailing a written description of your concern or complaint to:
Costa Sur Resort, Classico Collection by Sonesta
Chief Compliance Officer,
Carretera hacia Barra de Navidad km 4.5 Zona Hotelera Sur
Puerto Vallarta, MX, 48390 - by emailing to privacyinquiries@sonesta.com
Sensitive Personal Information
We may collect information that is considered “sensitive” under the CCPA, such as payment card or other financial information, account login information such as username and password, and data concerning health that we may collect from Guests with particular health concerns. When we do so, we use such information only for lawful purposes in compliance with the CCPA and other applicable privacy laws, such as to perform the services or provide the goods requested by you and to resist malicious, deceptive, fraudulent, or illegal actions. We do not use such information to infer characteristics about individuals.
Changes to State Privacy Disclosures
At times our CCPA Disclosures may be changed and any updates will be posted to this site. If material changes are made to this Notice, we will post a notice to the revised policy on the homepage of this site for at least thirty (30) days. Any changes that are made will go into effect when posted on the site and they will apply to all users of our Services. We encourage you to check this policy periodically for updates.
Contact Us
To assert one of your legal rights described in these State Privacy Disclosures, or if you have any questions about these CCPA Disclosures or our data handling practices, please contact us by any of the following means:
- by calling our Compliance Hotline at 855.251.0649
- by mailing a written description of your concern or complaint to:
Costa Sur Resort, Classico Collection by Sonesta
Chief Compliance Officer,
Carretera hacia Barra de Navidad km 4.5 Zona Hotelera Sur
Puerto Vallarta, MX, 48390 - by emailing to privacyinquiries@sonesta.com.