Privacy Policy

Effective 08/22/2023

Introduction

The Broadmoor Hotel, Inc., (“Broadmoor,” “us,” “our,” or “we”), is committed to respecting your privacy. This Privacy Policy (“Privacy Policy”) describes how we collect, process, and share your Personal Data (defined below). We also describe your Rights & Choices with respect to your Personal Data and other important information. Please read this Privacy Policy carefully. You can contact us here.

Scope of this Policy

This Privacy Policy applies to Personal Data collected through our “Services”, which include:

  • Our “Offline Services”: Services you use when you visit our properties;
  • Our “Digital Services” including:
    • websites that link to/post this Privacy Policy, including any subdomains or mobile versions;
    • mobile applications; and
    • On-premise or web-enabled technologies, such as on-premise WiFi.

Note that certain third parties may be able to identify you across sites and services using the information they process; however, any such processing not done at the direction of The Broadmoor is outside the scope of this Privacy Policy. Please review those third parties’ privacy policies before disclosing information to them.

Contact Us/Controller

The controller of your Personal Data under this Policy is The Broadmoor Hotel, Inc. You may contact our Data Privacy Team as follows:

Physical Address

The Broadmoor

Attn: VP of Sales and Marketing

1 Lake Avenue

Colorado Springs, CO 80906

Data Requests (where available under applicable law): Visit our Privacy Rights Portal, or call (866) 702-0816.

Opt-Out of Data Sales or Sharing: Visit our Privacy Choices Portal, or call (866) 702-0816.

General Inquiries, Marketing Choices, Direct Marketing Disclosure Requests, and Data Updates: privacy@broadmoor.com

Categories and Sources of Personal Data

The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”).

Categories of Personal Data we process

The categories of Personal Data we process may include:

  • Identity Data: Personal Data about your identity, such as your name, gender, date of birth, age and/or age range, public profile, and similar information from social networks such as Facebook; and information such as unique IDs and similar data collected or derived from the use of RFID enabled products such as keycards.
  • Contact Data: Personal Data that relates to how we can communicate with you, such as email address, physical address, phone number, or social media or communications platform username, as well as a name or other salutation.
  • General Location Data: Non-precise location data such as location data obtained from your IP address, social media tags/posts, dates and times of your visit and which properties or locations you visited.
  • Device/Network Data: Browsing history, search history, and information regarding your interaction with a web site, application, or advertisement (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
  • Transaction Data: Information about the Services we provide to you and about reservations and transactions you make with us or other companies operating through us or on our behalf (including travel agents), information relating to events and services at our properties and locations, information about purchases, what has been provided to you, when and where and, if applicable, how much you paid, and similar information.
  • Inference Data: Personal Data used to create a profile about you reflecting your preferences, characteristics, behavior, market segments, likes, favorites and other data or analytics provided about you or your account by social media companies or data aggregators, including household data, inferences regarding the products and services you use or intend to use or purchase, and your interests.
  • Audio/Visual Data: Recordings and images collected from our surveillance cameras when you visit our properties and locations and areas adjacent to them, as well as audio files and records, such as voice mails, call recordings, and the like.
  • User Content: Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes, answers you provide when you participate in sweepstakes, contests, and surveys, including any other Personal Data which you may provide through or in connection with our Services.
  • Sensitive Personal Data: Personal Data deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, etc. We collect the following categories of Sensitive Personal Data:
    • Government ID Data: Information relating to official government identification, such as driver’s license or passport numbers.
    • Payment Data: Information such as bank account details or payment card information.
    • Health Data: Information about your health (for example when you are reserving accommodations or activities requiring wheelchair access, when you request accommodation for allergies, or when we are responding to an accident or other health-related incident).  Note: “Consumer Health Data” includes personal information linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status as defined under Washington’s “My Health My Data Act.” For more information, please review our Consumer Health Data Privacy Policy below.

Sources of Personal Data

We collect Personal Data from various sources, which include:

  • Data you provide us: We will receive Personal Data you provide to us, such as when you make a reservation or stay with us, purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.
  • Data we collect automatically: We collect Personal Data about or generated by any device you have used to access our Services, or when you use Wi-Fi at our properties.
  • Data we receive from service providers & Agents: We receive Personal Data from on-line travel agents such as Expedia or Booking.com or brick and mortar travel agents who transfer Personal Data to us when you book reservations for our Services through them, and other service providers performing services on our behalf.
  • Data we receive from aggregators and advertisers: We receive Personal Data from ad networks, behavioral advertising vendors, market research, and social media companies or similar companies that provide us with additional Personal Data such as Inference Data.
  • Data we receive from social media companies: We receive Personal Data from Facebook and other social media companies who may transfer Personal Data to us when you interact with that social media company in connection with our Services.
  • Data we create and infer: We, certain partners, social media companies, and third parties operating on our behalf create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you. We may combine any Personal Data about you that we receive from you, from other companies within our family of companies, and from third parties.

Data Processing Contexts / Notice at Collection

Note: please click the following links to view information on Data Retention or Regional Data Rights for any of the processing contexts listed below.

Reservations, Purchases or other Transactions

We generally process Identity Data, Transaction Data, Payment Data, and Contact Data when you make a reservation or engage in a purchase and sale transaction, whether through our Digital Services, over the phone, or in person. In addition, we may also collect or create Device/Network Data and Inference Data. We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, to carry out fulfillment-related processing, and for our Business Purposes.

We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.

Visiting our Properties

General

We may process Identity Data, Transaction Data, Payment Data, Contact Data and certain Sensitive Data when you interact with us Offline. Some of this Personal Data may be collected when you check in for your reservation (e.g. we collect Government ID Data for identity verification and fraud prevention purposes).

Additionally, when you use electronic or RFID technologies, or use on-premise Digital Services, we will collect Device/Network Data. We may also process this data in combination with Inference Data and Location Data that we collect and/or create as necessary to operate our properties and provide our Services to you, for our Business Purposes, and our other legitimate interests, including:

  • verifying your identity for authentication and security purposes;
  • preventing fraud; and
  • returning lost property to its owner.

We may collect Health Data, which is generally used so that we can tailor our Services to you (for example, information you may provide regarding allergies or physical conditions relevant to certain Services) or in connection with our response to health-related incidents at our properties. We will process this information only with appropriate consent where required by law.

We use Identity Data, Transaction Data, Inference Data, and Contact Data collected in this context for our Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or Health Data.

Closed Circuit Television (CCTV)

We may operate CCTV or security cameras on and adjacent to our properties. In connection with these systems, we may collect and/or create Audio/Visual Data as necessary in connection with our Business Purposes, and our other legitimate interests, such as:

  • preventing and detecting crime and to keep people who visit and work at our locations safe and secure;
  • recording and investigating health and safety and other incidents which have happened or may have happened at our properties;
  • counting the numbers of people who visit our properties and to analyze flows of people around the properties for safety and commercial purposes using software which analyzes CCTV camera images; and
  • creating aggregate data.

Digital Services 

General

We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data.

We use this data as necessary in connection with our Business Purposes, and our other legitimate interests, such as:

  • fulfilling your requests for certain features or functions through our Services, such as keeping you logged in, delivering pages, etc.;
  • ensuring the security of our websites, mobile applications and other technology systems; and
  • analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.

We may process Identity Data, Device/Network Data, General Location Data, Inference Data, and Contact Data collected in this context for Commercial Purposes (which may include data sales/sharing).

Mobile Apps

If you use our mobile apps, we may process Identity Data, Device/Network Data, Payment Data, Inference Data, and General Location Data.

We process this Personal Data to provide our mobile apps, for our Business Purposes, and our other legitimate interests, such as:

  • fulfilling your requests for our Services;
  • optimizing the display and functionality of the mobile apps on your device;
  • providing contextual information to you;
  • delivering features that require the use of Location Data; and
  • creating aggregate information about users’ location and patterns, which we use to help improve our Services.

We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing).

Cookies and other tracking technologies

We use cookies and similar technologies on our Digital Services. These technologies can be used to collect or create Identity Data, Device/Network Data, Contact Data, or Inference Data. Third parties may be allowed to view, edit, or set their own cookies or place web beacons on our websites. Cookies and web beacons allow us and third parties to distinguish you from other users of our websites, and some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Third parties may engage in targeted advertising using this data.

We and authorized third parties may use cookies and similar technologies for the following purposes:

  • for “essential” or “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain a basket when they are shopping at an online store);
  • for “analytics” purposes, such as to analyze the traffic to and usage of our Digital Services (for example, how many people have looked at a page, how visitors move around the Site, what website they visited prior to visiting our Site, and use this information to understand user behaviors and improve the design and functionality of the website);
  • for “retargeting” or similar advertising or commercial purposes, such as:
    • for social media integration e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter;
    • to collect information about your preferences and demographics to help target advertisements which are more likely to be of interest to you using behavioral advertising; and
    • to allow us to carry out retargeting (this includes, for example, when advertisements are presented to you for products or services which you have previously looked at on a website but have not purchased).

The use of these technologies by third parties may be subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.

We may also use your Identity Data, Device/Network Data, Inference Data, and Contact Data collected in this context for Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.

Marketing Communications

We process Device/Network Data, Contact Data, Identity Data, and Inference Data in connection with marketing emails, push notifications, telemarketing, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase.

We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may use this data for our Commercial Purposes (which may include data sales/sharing). Marketing communications may also be personalized as permitted by applicable law, but will not involve Targeted Advertising or the processing of Race or Ethnic Origin where users have opted out or not provided necessary consents. See your Rights & Choices to limit or opt out of this processing.

Contests and Promotions

We may collect and process Identity Data, Preference Data, certain Contact Data, and User Content when you enter a contest/sweepstakes or take part in a promotion.

We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:

  • verifying your identity for authentication, anti-fraud, and security purposes (in which case we may process Government ID Data to complete verification);
  • to improve our Services and to create a personalized user experience; and
  • to contact you about relevant products or services, and in connection with marketing communications and Targeted Advertising.

We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes (which may include data sales/sharing).

Some programs and offers are operated/controlled by our third-party partners or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.

Your Personal Data may be public. If you win a contest/sweepstakes, we may publicly post some of your data. We do not post Personal Information without consent where required by law. See any program agreement(s) for additional details and terms.

Contact Us, Support

We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g., through a contact us form, or for support. If you call us via phone, we may collect Audio/Visual data from the call recording.

We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications and for our Commercial Purposes (which may include data sales/sharing). We may also share Personal Data collected in connection with a support request with our Service Providers.

Feedback and Surveys

We process Identity Data, Contact Data, Inference Data, Preference Data, and User Content collected in connection with feedback you provide to us, surveys or questionnaires.

We process this Personal Data as necessary to respond to your requests/concerns, for our Business Purposes, and other legitimate interests, such as analyzing customer satisfaction. We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing). We may share Feedback/Survey data relating to third party partners with those partners, who may use it for their own purposes.

Processing Purposes

Business Purposes

We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”

Service Delivery

We process any Personal Data as is necessary to provide our Service, to provide you with the products and services you purchase or request, to authenticate users and their rights to access the Service, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and services you request. Additionally, we use information to authenticate your right to access our properties and locations, deliver products and services, and for other related matters. Similarly, we may use Personal Data as necessary to audit compliance, and log or measure aspects of service delivery (e.g. to document ad impressions). In some cases, third party service providers may collect Personal Data directly from you in connection with Services at our Properties, if the third party service provider is operating that Service on our behalf.

Internal Processing and Service Improvement

We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Service, understanding how our Services are used or function, for customer service purposes, in connection with logs and metadata relating to service use, and for debugging and similar purposes relating to our identification of errors and improving the stability of the Service. Additionally, we may use Personal Data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs or fails to perform, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service or our Users.

Security and Incident Detection

Whether online or off, we work to ensure that our Services are secure. We may process any Personal Data we collect in connection with our legitimate business interest in ensuring that our properties and locations are secure, identifying and preventing crime, preventing fraud, and ensuring the safety of our guests. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, and to protect against and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs, and process similar Personal Data in connection with our information security activities.

Compliance, health, safety, public interest

We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law and make requests, for the establishment and defense of legal claims, or where we must comply with our legal obligations, lawful requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Aggregated Data

We process Personal Data about our customers and users in order to identify trends and to create aggregated and anonymized data about our customers/users, buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). We may pass Aggregated Data to certain third parties to give them a better understanding of our business and to improve our Services. Aggregated Data will not contain information from which you may be personally identified.

Personalization

We process certain Personal Data in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Digital Services may be customized to you based on your interactions with our Digital Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

Commercial Purposes

We and certain third parties process Personal Data we hold for certain commercial purposes, depending on the context of collection and your Rights & Choices, including:

Profiles

In order to understand our customers’ preferences, and better recommend products and services to our prior customers, we may create a “Profile” by linking together and analyzing Personal Data collected in the following contexts:

  • Reservations, Purchases or other Transactions
  • Visiting our Properties
  • Using Digital Services
  • Contests and Promotions
  • Contact Us; Support
  • Feedback and Surveys

We may also augment Profiles with Personal Data that we create (such as Inference Data) or that we receive from our affiliates or third parties, and may include Personal Data such as Services you have used or purchased, information about when you have visited our properties and what activities you participated in, and demographic data.

We use Profiles for our legitimate interests in market research and statistical analysis in connection with the improvement of our Services. For example, we may analyze the Personal Data of people who have made a reservation for a particular itinerary in the past and compare them with other people in our database. If we identify people in the database who have similar Personal Data to the previous guests, we may then target marketing via emails to the new people. We may conduct the profiling and send these emails automatically. We may also use this information for other Commercial Purposes.

Personalized Marketing Communications

We may personalize Marketing Communications based on your Profile. If consent to Consumer Profiling or Targeted Advertising is required by law, we will seek your consent.

Targeted Advertising

We, and certain third parties operating on or through our Services, may engage in Targeted Advertising. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.

The parties that control the processing of Personal Data for Targeted Advertising purposes may create or leverage information derived from Personalization, Profiles, and Marketing Communications. In some cases, these parties may also develop and assess aspects of a Profile about you to determine whether you are a type of person a company wants to advertise to, and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Preference Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.

We generally use Targeted Advertising for the purpose of marketing our Services and third-party goods and services, and to send marketing communications, including by creating custom marketing audiences on third-party websites or social media platforms.

Data Sales and “Sharing”

We may engage in “sales” or “sharing” of data as defined by applicable law. For example, we may “sell” certain Personal Data when we engage in marketing campaigns with or on behalf of sponsors, conduct Targeted Advertising, or we may sell, “share” for behavioral advertising purposes, or grant access to Personal Data to our marketing partners, and other advertisers in relation to Targeted Advertising as described below, joint promotions, and other marketing initiatives. See the California Rights & Disclosures section for a list of categories of Personal Data sold or shared.

Disclosures of Personal Data

Affiliates

We may disclose your Personal Data to any of our current or future affiliated entities, subsidiaries, and parent companies in order to streamline certain business operations, and in support of our Business Purposes, and Commercial Purposes.

Service Providers

We may exchange your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfillment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes.

Successors

Your Personal Data may be disclosed if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Lawful Recipients

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Sponsors, Advertisers, and Social Media Platforms

We may exchange certain Personal Data with social media platforms, advertisers, ad exchanges, data management platforms, or sponsors in support of our Business Purposes and Commercial Purposes. We may allow these third parties to operate through our Services.

Data Aggregators

We may exchange Personal Data with data aggregators in support of our Commercial Purposes and in connection with Data Sales. These disclosures/sales can help better personalize our Services, the services of third parties, enrich Profiles, and help ensure that you see advertisements that are more relevant to your interests.

Your Rights & Choices

You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in specific regions:

  • US States/California
  • EEA/UK/Switzerland/Cayman Islands

Your Rights

You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplement” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.

Verification of Rights Requests

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

We may require that you match personal information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit certain requests as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.

Your Choices

Marketing Communications

You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email. You can also withdraw your consent to receive marketing communications or any other consent you have previously provided to us by contacting us. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in emails.

Withdrawing Your Consent/Opt-Out

Where we are processing your Personal Data based on your consent, you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalization or providing certain types of advertising, or other services conditioned on your consent or choice not to opt-out.

Location Data

You may control or limit Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services.

Cookies, Similar Technologies, and Targeted Advertising

General - If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.

Targeted Advertising - You may opt out or withdraw your consent to Targeted Advertising (including “sharing” for cross-context behavioral advertising) by visiting Your Privacy Choices. In some cases, you may be able to opt-out by submitting requests to third party partners, including for the vendors listed below:

  • Google Ads
  • Facebook Custom Audience Pixel
  • Twitter Audience Pixel
  • Digital Advertising Alliance’s opt-out
  • Network Advertising Initiative opt-out

Do-Not-Track - Our Services do not respond to your browser’s do-not-track request.

Data Security

We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data from unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

Data Retention

We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):

  • Retention periods established under applicable law;
  • Industry best practices;
  • Whether the purpose of processing is reasonably likely to justify further processing;
  • Risks to individual privacy in continued processing;
  • Applicable data protection impact assessments;
  • IT systems design considerations/limitations; and
  • The costs associated with continued processing, retention, and deletion.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

Minors

Our Services are neither directed at nor intended for use by persons under the age of majority.  It is our intent that any data regarding minors is provided to us by the parent or guardian of the minor (for example, a child’s parent or guardian would enroll the child in our various programs or activities intended for families or children).  If you have reason to believe that your child has provided information to us directly, please inform us of this, and we will promptly delete such Personal Data if requested by you, or if required by law. If you are under the age of majority in your jurisdiction and you access or use the Digital Services, you assert that you have obtained the consent of your parent or guardian.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Digital Service following notice of any changes indicates acceptance of any changes.

Regional Supplement

US States (California, Colorado, others with comprehensive privacy laws)

Privacy Rights & Choices

Under the California Consumer Privacy Act (“CCPA”), the Colorado Privacy Act, and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.

Confirm - Right to confirm whether we process your Personal Data.

Access/Know - Right to request any of the following: (1) the categories of Personal Data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/shared your Personal Data; (4) the categories of third parties to whom we have sold/shared your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Portability - Right to request that we provide certain Personal Data in a common, portable format.

Deletion - Right to delete certain Personal Data that we hold about you.

Correction - Right to correct certain Personal Data that we hold about you.

Opt-Out (Sales, Sharing, Targeted Advertising, Profiling) - Right to opt-out of the following:

  • If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
  • If we engage in Targeted Advertising (aka “sharing” of Personal Data or cross-context behavioral advertising) you may opt-out of such processing.
  • If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.

Non-Discrimination - California residents and certain others have the right not to receive discriminatory treatment as a result of your exercise of rights conferred by state privacy laws.

List of Direct Marketers - California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Submission of Requests

You may submit requests as follows. If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@broadmoor.com. We will respond to any request to appeal within the period required by law.

Access/Know, Confirm Processing, Portability, Deletion, and Correction

Visit our Privacy Rights Portal, or call (866) 702-0816. You will be directed to leave a voicemail where you will provide your email address, phone number and address we have on file, along with your request.
You may send mail to our Contact Us address above with your email address, phone number and address we have on file, along with your request.

Opt-Out of Sales, Sharing, Targeted Advertising or Profiling

Visit our Privacy Choices Portal, or call (866) 702-0816. You will be directed to leave a voicemail where you will provide your email address, phone number or address, along with your request.
You may send mail to our Contact Us address above with your email address, phone number or address on file, along with your request.

List of Direct Marketers; Revoke Consent Previously Granted; Other Requests or Inquiries

Contact us via email to our privacy team at privacy@broadmoor.com

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we have disclosed for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:

  • We have disclosed the categories of Identity Data, Contact Data, General Location Data, Device/Network Data, Transaction Data, Inference Data, Preference Data, and User Content to the following categories of recipients: Service Providers; Affiliates; Sponsors, Advertisers, and Social Media Platforms; Data Aggregators; Successors; and Lawful Recipients.
  • We have disclosed the category of Payment Data to the following categories of recipients: Service Providers; Affiliates; Successors; and Lawful Recipients.  
  • We have disclosed the categories of Audio/Visual Data; Government ID Data; and Health Data to the following categories of recipients:  Service Providers; Successors; and Lawful Recipients.

Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes

For purposes of the CCPA, we have “sold” or “shared” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:

  • We have disclosed the categories of Identity Data, Contact Data, General Location Data, Device/Network Data, Transaction Data, Inference Data, and User Content to the following categories of recipients: Affiliates; Partners; Sponsors, Advertisers, and Social Media Platforms; Data Aggregators.

Categories of Sensitive Personal Data Used or Disclosed

For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data: Government ID Data; Payment Data; and Health Data. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).

EEA/UK/Switzerland (and certain other countries)

Controller

The controller of Personal Data is: The Broadmoor Hotel, Inc. located at 1 Lake Avenue, Colorado Springs, CO 80906.

Rights & Choices

Residents of the EEA, UK, Switzerland, and certain other countries (based on applicable privacy laws) have the following rights. Please review our verification requirements. Applicable law may provide exceptions and limitations to all rights.

Access - You may have a right to access the Personal Data we process.

Rectification - You may correct any Personal Data that you believe is inaccurate.

Deletion - You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.

Data Export - You may request that we send you a copy of your Personal Data in a common portable format of our choice.

Restriction - You may request that we restrict the processing of personal data to what is necessary for a lawful basis.

Objection - You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests. We may not cease, or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:

  • for Profiling purposes;
  • for direct marketing purposes (we will cease processing upon your objection); and
  • involving automated decision-making with legal or similarly significant effects (if any).

Regulator Contact - You have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

Submission of Requests:

Data Requests: (where available under applicable law): Visit our Privacy Rights Portal, or call (866) 702-0816.

Opt-Out of Data Sales or Sharing: Visit our Privacy Choices Portal, or call (866) 702-0816.

General Inquiries, Marketing Choices, Direct Marketing Disclosure Requests, and Data Updates: privacy@broadmoor.com

Lawful Basis for Processing

We process Personal Data pursuant to the following legal bases:

Performance of a contract: The processing of your Personal Data is strictly necessary in the context in which it was provided, e.g., to perform an agreement you have with us, to provide products and services to you, to open and maintain your user accounts, or to process requests.

  • This legal basis is applicable in the following contexts and for the following purposes, as described above (excluding Sensitive Personal Data): Reservations, Purchases or other Transactions, Visiting our Properties, Digital Services (including Cookies and other tracking technologies - strictly necessary), and Service Delivery.
  • Disclosures under this legal basis include: Public Disclosure, Service Providers.

Legitimate interests: This processing is based on our legitimate interests. For example, we rely on our legitimate interest to administer, analyze and improve our Services, to operate our business including through the use of service providers and subcontractors, to send you notifications about our Services, for archiving, recordkeeping, statistical and analytical purposes, and to use your Personal Data for administrative, fraud detection, audit, training, security, or legal purposes.

  • This legal basis is applicable in the following contexts and for the following purposes, as described above (excluding Sensitive Personal Data): Internal Processing and Service Improvement, Security and Incident Detection, Contextual Advertising, Personalization, Aggregated Data, Profiles, Personalized Marketing Communications.
  • Disclosures under this legal basis include: Affiliates, Service Providers, Sponsors, Advertisers, and Social Media Platforms, Data Aggregators, Successors.

Consent: This processing is based on your consent. You are free to withdraw any consent you may have provided, at any time, subject to your rights/choices, and any right to continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal.

  • This legal basis is applicable in the following contexts and for the following purposes, as described above: Cookies and other tracking technologies (except strictly necessary), Processing of Sensitive Personal Data, Marketing Communications, Targeted Advertising, Data Sales.
  • Disclosures under this legal basis include: Sponsors, Advertisers, and Social Media Platforms.

Compliance with legal obligations: This processing is based on our need to comply with legal obligations. We may use your Personal Data to comply with legal obligations to which we are subject, including to comply with legal process.

  • This legal basis is applicable in the following contexts and for the following purposes, as described above: Compliance, Health, Safety, Public Interest.
  • Disclosures under this legal basis include: Lawful Recipients.

Performance of a task carried out in the public interest: This processing is based on our need to protect recognized public interests. We may use your Personal Data to perform a task in the public interest or that is in the vital interests of an individual.

  • This legal basis is applicable in the following contexts and for the following purposes, as described above: Compliance, Health, Safety, Public Interest.
  • Disclosures under this legal basis include: Lawful Recipients.

International Transfers

We process data in the United States, and other countries where our subprocessors are located. In cases where we transfer Personal Data to jurisdictions that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU standard contractual clauses, reliance on the recipient’s Binding Corporate Rules program, or requiring the recipient to certify to a recognized adequacy framework. You can obtain more information about transfer measures we use for specific transfers by contacting us using the information above.

Washington State - Consumer Health Data Privacy Policy

Categories of Consumer Health Data We Collect

Pursuant to the Washington My Health My Data Act (“MHMDA”) we collect the following categories of personal information linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status as defined under the MHMDA (“Consumer Health Data”), for the following purposes (please see further descriptions above for additional context):

1. We collect the following categories of Consumer Health Data for the purposes of Reservations, Purchases and Transactions, Visiting our Properties, Service Delivery, Compliance, Health Safety and Public Interest, and Contact Us/Support:

  • Individual health conditions, treatment, diseases or diagnoses;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Bodily functions, vital signs, symptoms, or related measurements;
  • Diagnoses or diagnostic testing, treatment, or medication

These categories of Consumer Health Data will only be used as necessary to:

  • fulfill or ensure compliance with relevant booking transactions;
  • accommodate your needs related to various health conditions during your booking or activities;
  • protect the health, safety, and vital interests of our personnel, guests, and the public; and
  • as otherwise necessary for our Business Purposes as permitted by law.

2. We collect the following categories of Consumer Health Data for the purposes of Reservations, Purchases and Transactions, Visiting our Properties, Service Delivery, Compliance, Health Safety and Public Interest, Contact Us & Support, and Feedback & Surveys:

  • Data that identifies a consumer seeking “health care services” as defined under Washington State law, also referred to as “Identity Data”

These categories of Consumer Health Data will only be used as necessary to:

  • verify your identity for authentication and security purposes;
  • help us to ensure our customers are genuine and to prevent fraud;
  • perform or initiate a contract with you;
  • carry out fulfillment and delivery; and
  • as otherwise necessary for our Business Purposes as permitted by law.

Sources of Consumer Health Data We Collect

We collect Consumer Health Data from various sources, which include the following (see applicable sections above for further information): Data you provide us; Service Providers & Agents; Data we create or infer.

Sharing of Consumer Health Data

We do not share (as defined by the MHMDA) Consumer Health Data with third parties or specific affiliates. All such disclosures are described above, and are excluded from the definition of sharing under the MHMDA.

My Health My Data Rights

Your Rights

Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

Right to Delete - You have the right to request deletion of any Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties.

Right to Withdraw Your Consent/Opt-Out - You may withdraw any consent you have provided at any time regarding our collection and sharing of Consumer Health Data. The consequence of you withdrawing consent might be that we cannot perform certain services for you.

How to Exercise Your Rights

You may exercise your rights under the Washington My Health My Data Act by emailing privacy@broadmoor.com. If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@broadmoor.com. We will respond to any request to appeal within the period required by law.