Privacy Policy

Effective 04/19/2023
Download the Privacy Policy as a PDF

Click Here To Visit Our Terms of Use Page

INTRODUCTION

The Broadmoor Hotel, Inc., along with its subsidiary companies listed below (collectively “Broadmoor,” “us,” “our,” or “we”), is committed to respecting your privacy. This Privacy Policy (“PrivacyPolicy”) describes how we collect, process, and share your Personal Data (defined below). We also describe your rights and choices with respect to your Personal Data and other important information. Please read this Privacy Policy carefully.

SCOPE OF THIS POLICY

This Privacy Policy applies to Personal Data collected through our “Services”, which include:

Our “Offline Services”- Services you use when you visit properties;
Our “Digital Services” including:
- websites that link to/post this Privacy Policy, including any subdomains or mobile versions;
- mobile applications (the “Mobile App(s)”); and
- on-premise or web-enabled technologies, such as on-premise WiFi, Bluetooth beacons, and internet-connected kiosks and devices (the “Internet and IoT Service(s)”).

Note that certain third parties may be able to identify you across sites and services using the information they process, however, any such processing not done at the direction of Broadmoor is outside the scope of this Privacy Policy.

WHO WE ARE

The Broadmoor Hotel, Inc. is a Colorado hotel/resort located at 1 Lake Avenue, Colorado Springs, CO 80906. The Broadmoor’s subsidiary companies include, at the time of publication of this Privacy Policy: Broadmoor Hotel Inc., Manitou and Pikes Peak Railway Company, PF LLC, Emerald Valley LLC

HOW TO CONTACT US

If you have any comments or questions about this Privacy Policy or privacy practices, please contact our Data Privacy Team at:

The Broadmoor
Attn: VP of Sales and Marketing
1 Lake Avenue
Colorado Springs, CO 80906
Data Rights Inquiries: Visit our Data Rights Webform, or call (866) 702-0816

General Inquiries, Marketing Choices, Data Updates, and Direct Marketing Disclosure Requests: privacy@broadmoor.com

CATEGORIES AND SOURCES OF PERSONAL DATA

The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”), including the categories of Personal Data, its sources, and the purposes for which we process that data.

The categories of Personal Data we process
The categories of Personal Data we collect and use include (these are examples may be subject to change):

Identity Data
Information such as your name; address; email address; telephone number; gender; date of birth, age and/or age range; account login details, including your user name and password, or other account-related information; information you provide in connection with your application to be a vendor, volunteer, employee, or otherwise join or support our team; your identity, public profile, and similar information from social networks such as Facebook; and information such as unique IDs and similar data collected or derived from the use of RFID enabled products such as keycards.

Contact Data
Identity Data that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, social media handles, and information you provide to us when you contact us by email or when you communicate with us via social media.

Location Data
Information about your location, including “precise location data” (data from GPS, Wi-Fi triangulation, and similar) and “general location” (social media tags/posts, dates and times of your visit and which properties or locations you visited).

Device/Network Data
Browsing history, search history, and information regarding your interaction with a web site, application, or advertisement (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.

Commercial Data
Information about the Services we provide to you and about reservations and transactions you make with us or other companies operating through us or on our behalf (including travel agents), information relating to events and services at our properties and locations you attend/use, information about purchases, what has been provided to you, when and where and, if applicable, how much you paid, and similar information.

Inference Data
Personal Data used to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes, market segments, likes, favorites and other data or analytics provided about you or your account by social media companies or data aggregators, including household data, the products and services you use or intend to use or purchase, and your interests.

Financial Data
Information such as bank account details, payment card information, and information from credit reference agencies, including similar data defined in Cal Civ Code § 1798.80(e).

Audio/Visual Data
Recordings and images collected from our surveillance cameras when you visit our properties and locations and areas adjacent to them, as well as audio files and records, such as voice mails, call recordings, and the like.

Health Data
Information about your health (for example when you are reserving accommodations or activities requiring wheelchair access, when you request accommodation for allergies, if we need to verity vaccination status, or when we are responding to an accident or other health-related incident).

User Content
Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes, answers you provide when you participate in sweepstakes, contests, and surveys, including any other Personal Data which you may provide through or in connection with our Services.

Sources of Personal Data
We collect Personal Data from various sources, which vary depending on the context in which we process that Personal Data:

Data you provide us
We will receive Personal Data you provide to us, such as when you make a reservation or stay with us, purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.

Data we collect automatically
We collect Personal Data about or generated by any device you have used to access our Services, or when you use Wi-Fi at our properties.

Data we receive from service providers & Agents
We receive Personal Data from on-line travel agents such as Expedia or Booking.com or brick and mortar travel agents who transfer Personal Data to us when you book reservations for our Services through them, and other service providers performing services on our behalf.

Data we receive from aggregators and advertisers
We receive Personal Data from ad networks, behavioral advertising vendors, market research, and social media companies or similar companies that provide us with additional Personal Data such as Inference Data.

Data we receive from social media companies
We receive Personal Data from Facebook and other social media companies who may transfer Personal Data to us when you interact with that social media company in connection with our Services.

Data we create and infer
We, certain partners, social media companies, and third parties operating on our behalf create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you. We may combine any Personal Data about you that we receive from you, from other companies within our family of companies, and from third parties.

HOW WE PROCESS PERSONAL DATA

When you use our Services, we process your Personal Data in specific contexts and for certain specified purposes, as well as for our general business purposes and, in some cases, for commercial purposes.

How we Collect and Use Personal Data
We collect and process Personal Data in several contexts when you use our Services, including:

When you make a reservation, purchase or other transaction
We generally process Identity Data, Financial Data, Commercial Data and Contact Data when you make a reservation or engage in a purchase and sale transaction, whether through our Digital Services, over the phone, or in person. We process this Personal Data as necessary to perform or initiate a contract with you, process your order, and carry out fulfillment-related processing. In addition, we may also collect or create Device/Network Data and Inference Data. This data, together with other data we collect in this context is used in connection with legitimate business interests, such as ensuring the security of our Services, preventing fraud, providing information about our Services, contacting you about administrative matters, and responding to queries, complaints, or correspondence you send us. We may also use this Identity Data, Commercial Data, Contact Data, and Device/Network Data collected in this context for our Commercial Purposes.

When you visit our properties or participate in activities we provide
We generally process Identity Data, Commercial Data, Financial Data, and Contact Data when you interact with us Offline. Additionally, when you use electronic or RFID technologies, or use on-premise Digital Services, we will collect Device/Network Data (see below for additional information regarding our Digital Services). In addition, we may process this data in combination with Inference Data and Location Data that we collect and/or create as necessary in connection with certain legitimate business interests in verifying your identity for authentication and security purposes, preventing fraud, and returning lost property to its owner. We may also use Identity Data, Commercial Data, and Contact Data collected in this context for Commercial Purposes.

We may sometimes collect Health Data, which is generally used so that we can tailor our Services to you (for example, a wheelchair accessible room) or in connection with our response to health-related incidents at our properties. We will process this information only with appropriate consent where required by law.

Closed Circuit Television (CCTV)
We may operate CCTV or security cameras on and adjacent to our properties. In connection with these systems, we may collect and/or create Audio/Visual Data as necessary in connection with certain legitimate business interests, such as:

preventing and detecting crime and to keep people who visit and work at our locations safe and secure;
recording and investigating health and safety and other incidents which have happened or may have happened at our properties;
counting the numbers of people who visit our properties and to analyze flows of people around the properties for safety and commercial purposes using software which analyzes CCTV camera images; and
creating aggregate data.

When you access or use our Digital Services
When you use our Digital Services, we automatically collect and process Device/Network Data. We use this data as necessary to initiate or fulfill your requests for certain features or functions through our Services, such as keeping you logged in, delivering pages, etc. In addition to Device/Network Data, we may also collect and process Contact Data, Identity Data and Inference Data that we collect, create, and/or receive (including through the use of cookies and similar technologies). We typically use this data as necessary in connection with certain legitimate business interests, such as ensuring the security of our websites and other technology systems, and analyzing the use of our Digital Services, to help us make improvements.

Some Digital Services may, with your consent, process Location Data. We use this data, together with Inference Data, and Device/Network Data in order to provide directions and contextual information to you, and other features that require the use of location. We may also use this information in connection with our legitimate business interests, such as, creating aggregate information about users’ location and patterns, which we use to help improve our Services. Note, Location Data may be required in order for you to use certain features of our Digital Services. We may also process Identity Data, Contact Data, and User Content if you interact with or identify us on social media platforms.

We may also use Identity Data, Device/Network Data, Location Data, Inference Data and Contact Data collected in this context for Commercial Purposes.

Cookies and other tracking technologies
We use cookies and similar technologies on our Digital Services. These technologies can be used to collect or create Identity Data, Device/Network Data, Contact Data, or Inference Data. Third parties may be allowed to view, edit, or set their own cookies or place web beacons on our websites. Cookies and web beacons allow us and third parties to distinguish you from other users of our websites, and some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Third parties may engage in targeted advertising using this data.

We and authorized third parties may use cookies and similar technologies for the following purposes:

for “essential” or “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain a basket when they are shopping at an online store);
for “analytics” purposes, such as to analyze the traffic to and usage of our Digital Services (for example, how many people have looked at a page, how visitors move around the Site, what website they visited prior to visiting our Site, and use this information to understand user behaviors and improve the design and functionality of the website);
for “retargeting” or similar advertising or commercial purposes, such as:
for social media integration e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter;
to collect information about your preferences and demographics to help target advertisements which are more likely to be of interest to you using behavioral advertising; and
to allow us to carry out retargeting (this includes, for example, when advertisements are presented to you for products or services which you have previously looked at on a website but have not purchased).

The use of these technologies by third parties may be subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.

We may also use your Identity Data, Device/Network Data, Inference Data and Contact Data collected in this context for Business Purposes and Commercial Purposes.

When you enter a contest or other promotion
We collect and process Identity Data, Contact Data, and User Content as necessary to process your request to enter the contest, or take part in a promotion, notify you if you have won or to process delivery of a prize or for other related purposes. In addition, we may process this information in connection with our legitimate business interests, such as verifying your identity for authentication and security purposes, and helping us to prevent fraud.

Note, if you win a contest/sweepstakes, we may publicly post some of your data on our website (such as on a winners’ page). Where required by law, your information will not be posted without your consent. Unless prohibited by law, we may use this Identity Data, Contact Data, and User Content information for Commercial Purposes.

When you contact us or submit information to us
We collect and process Identity Data, Contact Data, and any Audio/Visual data or User Content you provide as necessary to address your request, fulfill the business purpose for which that information was provided, or for other related purposes. Additionally where you consent, if relevant to your request (such as an inquiry regarding a product, service, etc.) or if otherwise permitted by law, we may send you marketing communications as described further below, and use this information for Commercial Purposes.

Feedback and Surveys
We may process Identity Data, Contact Data, Inference Data, and User Content collected in connection with guest surveys or questionnaires. We generally process this Personal Data as necessary to respond to guest requests/concerns, and create aggregate analytics regarding guest satisfaction. We may store and analyze feedback for our purposes, for example, to personalize the Services, and help recommend relevant offers or services. We may also use the Identity Data, Contact Data, Inference Data, and User Content collected in this context for Business Purposes and Commercial Purposes.

Employment & Service Provider Applications
We may process Personal Data in connection with your application to be a vendor, employee, or otherwise join or support our team. We process this Personal Data primarily in connection with the personnel relationship. Details regarding our collection and processing of Personal Data for these purposes may be subject to the privacy policies of our service providers who manage our career portal, and this data is also subject to our internal policies.

Public Health and Vaccinations
We may collect Personal Data, including Health Data, in the event we determine that it is necessary for us to require guests to provide such information as a condition of travel in order to protect the health or other vital interests of our guests or the public, or we are required to collect or process such Personal Data by a public health or other governmental authority. For example, in extraordinary times (such as a pandemic) we may require proof of vaccinations against certain illnesses (such as Covid-19) in order for guests to stay with us or participate in certain activities. Where we collect this Personal Data, we will use it only as necessary to fulfill or ensure compliance with relevant booking contracts, to protect the health, safety, and vital interests of our personnel, guests and the public, and as otherwise necessary for applicable legal or compliance purposes. Where a lawful basis is required to process this data, we may process such data on one of several bases, including as necessary to carry out a contract you request, to ensure public health or other substantial public interest, as necessary to comply with the law, to establish or defend against legal claims, or with your consent. Where we process Health Data, we will limit access to such information, and minimize the information that reveals any condition or information about your health as much as reasonably possible to fulfill the purpose of collection. Personal Data will be stored only for so long as is necessary to fulfill those purposes, or as may otherwise be required for our legal compliance obligations. Please note, in cases where public health authorities or governmental agencies require proof of vaccination or request other Health Data, of if you elect to engage a third party with similar requirements to provide services to you (e.g. a transportation service or excursion), we may disclose Health Data or other Personal Data to that party where required by law, if the third party requests such information, or if you authorize its disclosure.

How we Process Personal Data for Business Purposes
We and our service providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your rights and choices, and our legitimate business interests. For example, we generally process Personal Data in connection with:

Service Provision and Contractual Obligations
We process any Personal Data as is necessary to provide our Service, to provide you with the products and services you purchase or request, to authenticate users and their rights to access the Service, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and services you request. Additionally, we use information to authenticate your right to access our properties and locations, deliver products and services, and for other related matters. Similarly, we may use Personal Data as necessary to audit compliance, and log or measure aspects of service delivery (e.g. to document ad impressions).

Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Service, understanding how are Services are used or function, for customer service purposes, in connection with logs and metadata relating to service use, and for debugging and similar purposes relating our identification of errors and improving the stability of the Service. Additionally, we may use Personal Data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs or fails to perform, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service or our Users.

Security and Incident Detection
Whether online or off, we work to ensure that our Services are secure. We may process any Personal Data we collect in connection with our legitimate business interest in ensuring that our properties and locations are secure, identify and prevent crime, prevent fraud, and ensure the safety of our guests. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.

Compliance, health, safety, public interest
We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law and make requests, for the establishment and defense of legal claims, or where we must comply with our legal obligations, lawful requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Aggregated data
We process Personal Data about our customers and users in order to identify trends (to create aggregated and anonymized data about our customers/users, buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). We may pass Aggregated Data to certain third parties to give them a better understanding of our business and to improve our Services. Aggregated Data will not contain information from which you may be personally identified.

Personalization
We process certain Personal Data in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Digital Services may be customized to you based on your interactions with our Digital Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

Other Business Purposes
If we process Personal Data in connection with our Service in a way not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated at collection. We will process such information in accordance with the notice provided at the time of collection or in a manner that is necessary and proportionate to achieve the purpose for which the Personal Data was collected, or for another purpose that is compatible with the context in which the Personal Data was collected.

How we Process Personal Data for Commercial Purposes
We and certain third parties process Personal Data we hold for certain commercial purposes, depending on the context of collection and your rights and choices, including:

Personalization & Consumer Profiles
In order to understand our customers’ preferences, and better recommend products and services to our prior customers, we may create a “Consumer Profile” by linking together and analyzing Personal Data collected in the following contexts:

When you make a reservation, purchase or other transaction through our Service
When you stay at properties we own or operate
When you access or use our Digital Services
Cookies and other tracking technologies
When you enter a contest or other promotion
When you contact us or submit information to us
Feedback and Surveys

We may also augment Consumer Profiles with Personal Data that we create (such as Inference Data) or that we receive from our affiliates or third parties, and may include Personal Data such as Services you have used or purchased, information about when you have visited our properties and what activities you participated in, and demographic data.

We use Consumer Profiles for our legitimate interests in market research and statistical analysis in connection with the improvement of our Services. For example, we may analyze the Personal Data of people who have made a reservation for a particular itinerary in the past and compare them with other people in our database. If we identify people in the database who have similar Personal Data to the previous guests, we may then target marketing via emails to the new people. We may conduct the profiling and send these emails automatically. We may also use this information for other Commercial Purposes.

Marketing Communications
Consistent with our legitimate business interests, we (or if appropriate, our third-party partners) may send you marketing and promotional communications if you sign up for such communications or purchase products or services from us. Where allowed, we may also send you these communications if you register for our Services or for a promotion, or in connection with your communications with or submission of User Content to us. These communications may be personalized or customized based on your user profile. We may also collect Device/Network Data and Contact Data so that we can determine whether you have opened an email or interacted with our communications, and we may generate Inference Data based on these interactions. We may also process this Personal Data for targeted advertising. However, where consent to processing is required by law, we will link and process this information for targeted advertising with appropriate consent.

Targeted Advertising
We and certain third parties operating on or through our Services, may engage in targeted advertising on our Corporate Site. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.

The parties that control the processing of Personal Data for behavioral advertising may create or leverage information derived from personalization and profiling. In some cases, these parties may also develop and assess aspects of a profile about you to determine whether you are a type of person a company wants to advertise to and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Inference Data derived from these observations, and may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for something you saw in an advertisement.

We generally use targeted advertising for the purpose of marketing our Services and third-party goods and services, to send marketing communications, including by creating custom marketing audiences on third-party websites (such as Facebook) or targeting users with advertisements on other websites.

Data Sales
For purposes of the California Consumer Privacy Act, we do not sell your Personal Data.

HOW WE SHARE PERSONAL DATA

Affiliates
In order to streamline certain business operations, improve Service personalization and behavioral marketing, develop products and services that better meet the interests and needs of our customers, and promote information we believe will be of interest to you, we will share your Personal Data internally within our family of companies, as well as our current future affiliated entities.

Service Providers & Agents
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests and business purposes, we may share your Personal Data with service providers who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Service or may disclose information as part of our own internal operations or other business purposes (which may include the legitimate interests and business purposes of the Service Provider themselves).

See the California Rights & Disclosures section for a list of categories of Personal Data disclosed for Business Purposes.

Partners
We may offer you the opportunity to use services operated by third parties (such as excursions, tours, etc.), and if you choose to use these services, we will disclose the Personal Data requested by such third party, or that you direct us to provide to them.

Social Media Platforms
In order to improve personalization, deliver more relevant advertisements, and develop better products and services, we may share certain Personal Data with current or future affiliated entities and trusted third parties for marketing, advertising, or other commercial purposes, and we may allow third parties (such as Facebook and social media advertisers, ad exchanges, data management platforms, or ad servers) to operate on our Services and process data for targeted advertising. These transfers may be made for Commercial Purposes and in connection with Data Sales.

Additionally, If you use any social media plugin, API, or other similar feature, use an event hashtag or similar link, or otherwise interact with us or our Services via social media, we may make your post available on our Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.

Data Aggregators
In connection with our marketing operations, and subject to Users’ rights and choices, we may share certain Personal Data with data aggregators for Commercial Purposes and in connection with Data Sales. These disclosures/sales can help better personalize our Services, the services of third parties, enrich Consumer Profiles and help ensure that you see advertisements that are more relevant to your interests.

Successors
Your Personal Data may be shared if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Lawful Recipients
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person, or in such other circumstances as may be required or permitted by law. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

INTERNATIONAL TRANSFERS OF PERSONAL DATA
If you are located outside the US, your Personal Data may be transferred to and/or processed in a location outside of the European Economic Area (EEA).

Your Personal Data may also be processed by staff operating in the United States or outside the EEA working for us, other members of our family of companies or third-party data processors. Such staff may be engaged in, among other things, the provision of our Services to you, the processing of transactions and/or the provision of support services.

Some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Data to other territories, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with this Privacy Policy. We may transfer Personal Data from the EEA to the US using the EU standard contractual clauses or other lawful mechanisms. You can obtain more information about the safeguards we put in place by contacting us.

HOW WE RETAIN YOUR PERSONAL DATA
We retain Personal Data for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.

YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law.

Additional information regarding individuals’ rights in California are available here.
Additional information regarding individuals’ rights in the EU/EEA/Switzerland/Cayman Islands are available here.

YOUR RIGHTS
To the extent applicable law grants you the right to do so, and subject to any necessary verification, you may have the right to:

request that we provide you with a copy of the Personal Data which we hold about you;
request that we update any of your Personal Data which are inaccurate or incomplete;
request that we delete any of your Personal Data which we are holding; or
request that we provide your Personal Data to you or a third-party provider of services in a structured, commonly-used and machine-readable format.

To submit a request, you may visit our Data Rights Webform. Your request must include your name, email address and postal address and we may require proof of your identity.

YOUR CHOICES

Marketing Communications
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email. You can also withdraw your consent to receive marketing communications or any other consent you have previously provided to us by emailing privacy@broadmoor.com. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.

Withdrawing Your Consent/Opt-Out
Where we are processing your Personal Data based on your consent, you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot perform certain Services for you, such as location-based services, personalization or providing certain types of advertising, or other services conditioned on your consent or choice not to opt-out.

Location Preferences
You may control or limit location data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services. However, please note that use of RFID technologies may be necessary for the functioning of hardware required for certain processing of Personal Data. Note, general location data may still be collected if you opt out of specific location services.

Do-Not-Track
Our Services do not respond to your browser’s do-not-track request. If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out.

Advertising
You may opt out or withdraw your consent to behavioral advertising. In some cases, we may be able to process third party opt-out requests directly, however in some cases, you must opt out of third party services directly via the third party. For example, to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at http://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/optout_nonppii.asp. You can limit or opt out of our processing for behavioral advertising by emailing privacy@broadmoor.com.

DATA SALES
If you are a California Resident or otherwise have the right to opt out of data sales and if we have engaged in any sales of your Personal Information, you may do so by visiting our Data Rights Webform or by calling us at (866) 702-0816. You may be required to validate your identity to ensure your request is not fraudulent.

Regional Rights
See the Your California Privacy Rights section for additional information regarding other privacy rights under California law.

Residents and others in the EU, EEA and Cayman Islands may have rights under EU and other law. See the Your EU/Other Privacy Rights section for additional information.

HOW WE PROTECT YOUR PERSONAL DATA

We use industry standard technical and organizational security measures to protect your Personal Data. We cannot guarantee the security of your Personal Data when you transmit it to us, and any such transmission is at your own risk.

If you have a password which enables you to access one of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

THIRD PARTY WEBSITES AND MOBILE APPLICATIONS

We are not responsible for the privacy policies, content or security of any linked third party websites or mobile applications. We recommend that you check the privacy and security policies of each and every website and mobile application that you visit.

MINORS

Our Services are neither directed at nor intended for use by children under the age of 13 in the US, or under the age of 13 to 16 in the EU, depending on the local jurisdiction. We do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to change our Privacy Policy from time to time. Any such changes will be posted on this page so that we can keep you informed about how we process your Personal Data. We recommend that you consult this page frequently so that you are aware of our latest Privacy Policy and can update your preferences if necessary. Your continued use of our Services shall constitute your acceptance of any revised Privacy Policy.

ADDITIONAL RIGHTS AND DISCLOSURES: EU/EEA, SWITZERLAND, CAYMAN ISLANDS, ETC.

Your EU/Other Privacy Rights
Under the GDPR and analogous legislation, you may have the following rights notwithstanding those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request. Submit requests by emailing privacy@broadmoor.com.

Access:
You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law. You may be able to access some of the Personal Data we hold about you directly through the account settings menu.

Rectification:
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided to us using the account settings menu.

Delete:
To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your Personal Data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.

Data Export:
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Objection:
You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests (including any processing specified as such, or processed under this Privacy Policy for a Business Purpose). You may do so by emailing privacy@broadmoor.com. Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing cases where our interests in processing are balanced against individuals’ privacy interests.

You may also object to processing for direct marketing purposes. We will cease this processing upon your objection.

Regulator Contact:
You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

ADDITIONAL RIGHTS AND DISCLOSURES: CALIFORNIA

Your California Privacy Rights
Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request where required by applicable law (see below for verification requirements):

Right to Know
You may request any of following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Right to Delete
You have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law

Right to Non-Discrimination
You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.

Direct Marketing
You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Opt-Out of Sale
If we “sell” of data (as defined by applicable law), you may direct us to stop selling your data to third parties for commercial purposes.

Minors’
To the extent we have actual knowledge that we collect or maintain personal information of a minor under age 16, those minors between the age of 13 and 16 must opt in to any sales of personal information (as defined under CCPA), and minors under the age of 13 must have a parent consent to sales of personal information (as defined under CCPA); all minors have the right to opt-out later at any time.

Minors under age 13 may have other rights under the Children’s Online Privacy Protection Act (“COPPA”).

Minors’ User Content
Individuals under the age of 18 in California can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion you can email privacy@broadmoor.com. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Services.

Submission of Requests
You may submit requests as follows (see below for summary of required verification information):

For Right to Know, or Right to Delete Requests:
Please visit our Data Rights Webform, or call (866) 702-0816.

Direct Marketing or User Content Requests:
You may request a list of any relevant direct marketing disclosures via email to our privacy team at privacy@broadmoor.com.

Verification of Requests
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Data Processing
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data, Contact Data, Location Data, Device/Network Data, Commercial Data, Inference Data, Financial Data, Audio/Visual Data, Health Data, and User Content.

Categories of Personal Data sold
For purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know

Category of Data	Context	Category of Sources	Business Purposes	Commercial Purposes	Category of Recipients
User Content	When you access or use our Digital Services When you enter a contest or other promotion Feedback and Surveys When you contact us or submit information to us	From you; Service providers; Agents and partners; Social media companies	Service Provision and Contractual Obligations; Internal Processing and Service Improvement; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Personalization; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Social Media Platforms; Agents; Data Aggregators; Successors; Lawful Recipients
Location Data	When you visit our properties When you access or use our Digital Services	From you; Service Providers	Service Provision and Contractual Obligations; Internal Processing and Service Improvement; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Personalization; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Inference Data	When you make a purchase or other transaction through our Service When you visit our properties When you access or use our Digital Services Cookies and other tracking technologies Feedback and Surveys	From you; Automatic collection; Service providers; Agents and partners; Aggregators and advertisers; Social media companies; Data we create/infer	Service Provision and Contractual Obligations; Internal Processing and Service Improvement; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Personalization; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Identity Data	When you make a purchase or other transaction through our Service When visit our properties When you access or use our Digital Services Cookies and other tracking technologies Feedback and Surveys When you enter a contest or promotion When you contact us or submit information to us	From you; Automatic collection; Service providers; Agents and partners; Aggregators and advertisers; Social media companies; Data we create/infer	Service Provision and Contractual Obligations; Internal Processing and Service Improvement; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Personalization; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Health Data	When you book a reservation or participate in certain activities with us In connection with accidents at our properties	From you; Service Providers	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	None	Service Providers; Successors; Lawful Recipients
Financial Data	When you make a purchase or other transaction through our Service	From you; Service Providers	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	Personalization & Consumer Profiles; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Device/ Network Data	When you make a purchase or transaction through our Service When you visit our properties When you access or use our Digital Services Cookies and other tracking technologies	From you; Automatic collection; Service providers; Agents and partners; Aggregators and advertisers; Social media companies; Data we create/infer	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Contact Data	When you make a purchase or other transaction through our Service When you visit our properties When you access or use our Digital Services Cookies and other tracking technologies Feedback and Surveys When you enter a contest or other promotion When you contact us or submit information to us	From you; Automatic collection; Service providers; Agents and partners; Aggregators and advertisers; Social media companies; Data we create/infer	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Commercial Data	When you make a purchase or other transaction through our Service When you visit our properties	From you; Automatic collection; Service providers; Agents and partners; Aggregators and advertisers; Social media companies; Data we create/infer	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	Personalization & Consumer Profiles; Marketing Communications; Targeted advertising	Affiliates; Service Providers; Agents; Data Aggregators; Successors; Lawful Recipients
Audio/Visual Data	When you visit our properties Closed Circuit Television (CCTV)	From you; Automatic collection; Service Providers	Service Provision and Contractual Obligations; Security and Incident Detection; Compliance, health, safety, public interest; Aggregated data; Other Business Purposes	None	Service Providers; Successors; Lawful Recipients

Select a property

Packages & Offers