Introduction

Carmel Beach Hotel (“Carmel Beach Hotel”, “Company”, “us”, “we”, or “our”) operates the carmelbeachhotel.com website. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our website and the choices you have associated with that data. What this policy covers:

This privacy policy covers the collection, use, storage, treatment, and disclosure of personal information we collect when you visit or use any of the websites that are owned, published, or operated by us (individually, the “website” and collectively, the “websites”). It also covers personal information disclosed to us via mail, our websites, or telemarketing. This policy does not describe privacy policies and practices of websites and platforms that we do not provide, including those linked to, or integrated with, our websites (e.g., Facebook or our sponsors or customers). It also does not cover personal information you may choose to share with other users of our websites.

By using our websites, you signify your consent to the collection, use, storage, treatment, and disclosure of your personal information in accordance with this policy. If you do not agree with this policy, do not use our websites. For EU users, you may affirmatively opt-in to such collection, use, storage, treatment, or disclosure.

Non-Personally Identifiable Information Collection

From time to time we automatically collect certain non-personally identifiable information when you visit any one of our websites, such as the time and date of your visit, the pages that you access, the website from which you linked to our website, the sections of the website you visit, and the number of times you return to the website. This information is not used to identify you but is used in the aggregate for our internal marketing, system administration, website improvements, and other similar purposes.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Personal Information Collection

During your use of the websites, you may be asked to voluntarily provide certain personal information for purposes such as facilitating communications with you or applying for access to certain special features or areas of the websites. This may include such information as name, address, telephone numbers, company name, job function, and email address.

We also automatically collect certain usage details, IP addresses, and Browser information. When you visit our website, we collect technical information such as the identity of your Internet Protocol (IP) address, your computer or device’s operating system and browser type, geo-location data, and the pages of our website that you visit. Most browsers transmit this type of information to websites automatically. We collect this information to administer and manage our website, to ensure that it functions properly, and to review aggregate information.

Except as described above, we do not collect any personal information about you other than personal information which you expressly choose to submit to us directly or through our service providers, such as our telemarketers.

It is important that the personal information we have about you is accurate. If any of the personal information you provide us should ever change, for instance, if you change your email address or phone number, or should you wish to change your preferences, to stop receiving announcements from us, to correct any inaccurate personal information about you, or to delete any personal information that you provided through your visits to our website, please let us know by sending an email to info@carmelbeachhotel.com. We are not responsible for any losses that could arise from any inaccurate, deficient, or incomplete personal information that you provide us.

For security reasons, we may need to request specific information from you to help us confirm your identity, before we correct, update or delete any personal information you provide us.

At any time after we collect your personal information, you will have a right to access and/or correct it. You may make such a request by sending a written request by email to info@carmelbeachhotel.com. At any time after we collect your personal information, you will have an opportunity to withdraw your consent to its use or disclosure. You may make such a request by sending an email to info@carmelbeachhotel.com, or by calling us at +1 (831) 293-0388.

Cookies

Carmel Beach Hotel uses “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site and online. Carmel Beach Hotel uses third-party vendors, including Google, to serve ads based on someone’s past visits to the website. Usage of a cookie is in no way linked to any personally identifiable information on our site. For more information about how you can opt out of Google’s use of cookies, please visit Google’s Ads Settings.

If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Examples of cookies we may use:

• Session Cookies: Session cookies are used to operate the Company’s website
• Preference Cookies: Preference cookies are used to remember your preferences and various settings to enhance your experience interacting with our website
• Security Cookies: We use Security Cookies for security purposes.

You may be able to disallow Cookies by modifying the settings in your browser. To learn more about Cookies, and how to disallow or manage them go to: http://www.allaboutcookies.org/. If you choose not to accept Cookies, you may be unable to access certain parts or pages of our website. Your non-personally identifiable information may be disclosed to others and permanently archived for future use.

Non-Personally Identifiable Information Collection

We use the information collected from us and/or our services providers (e.g., MailChimp, etc.):

1. to contact and correspond with you, to respond to your inquiries,
2. to improve our website,
3. to target advertisements or other content on the website to products or services that may be of interest to you,
4. to allow you to participate in interactive features of our website when you choose to do so,
5. to monitor the usage of our website,
6. to detect, prevent, and address technical issues,
7. to analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our user base as a whole,
8. to offer media products you request, or as otherwise permitted by law.
9. We may also use the information we collect to analyze user behavior as a measure of interest in, and use of our websites, and may disclose such analyses to advertisers or other third parties in the form of aggregate data, such as overall patterns or demographic reports that do not describe or identify any individual user.

We may disclose personal information about you to third parties: (i) if we have a good-faith belief that we are permitted or required to do so by law or legal process, (ii) to service providers who require access to such information for the carrying out of their mandate, (iii) to respond to legal claims, (iv) to protect our rights, property or safety or the rights, property or safety of others, or (v) to the resulting organization if we are involved in a merger or other reorganization. The disclosures referred to in this section may include transfers to entities located in other countries. Such transfers may include third parties located in other countries (such as Canada, Mexico, Caribbean, South America, and EU countries). We have not confirmed that all such countries apply the same standards as required under the European General Data Privacy Regulations (“GDPR”); therefore, some risk exists regarding such transfers if the third parties are in countries where the European Commission has not made an adequacy determination nor adopted appropriate safeguards.

If you post information on our websites or disclose it to any other party through any of our websites, you should be aware that your information may then be made available to others.

We may provide the information you provide us on a confidential basis with partners, contractors, vendors, or service providers for whom we provide services or that support our operations and our website, but only for those purposes. This may include, for instance, deploying marketing or informational emails and providing personalized web content.

We may also use the information to send emails to you on behalf of a sponsor. If a recipient of an email clicks on a sponsored link, we may share the following information with that sponsor: name, address, telephone numbers, company name, job function, and email address. We will not share this information as to persons who have opted out of receiving advertising emails or have requested that we not share personal information.

We may also share your personal information with courts, law enforcement authorities, regulators, attorneys or other parties when it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for purposes of an alternative dispute resolution process; to comply with a subpoena or court order, legal process, or other legal requirement or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or material financial loss; to investigate, prevent or take action concerning illegal activities, suspected fraud, threats to us or our property; or as necessary in connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics & data sharing

We may use third-party Service Providers to monitor and analyze the use of our website. Certain applications may also access personal information as well.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on our websites available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Carmel Beach Hotel uses remarketing services to advertise on third-party websites to you after you visited our website. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our website. Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page:https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook:https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

California – Your CCPA privacy rights

The CCPA, where applicable, provides California residents with the right to request for disclosure of: Categories of any personal information collected about you.

Specific pieces of personal information collected about you. Categories of sources of any personal information collected about you. The business or commercial purpose for collection or selling personal information. Categories of third parties with whom your personal information was shared. Categories of any personal information disclosed about you for a business purpose in the preceding 12 months. Your right to request deletion of any personal information about you that was collected from you, subject to certain exceptions outlined below.
Your right not to receive discriminatory treatment for the exercise of your privacy rights conferred by CCPA.

CCPA, where applicable, provides a right to request that deletion of any of your personal information collected from you. This must be made in a verifiable request. Once we receive and confirm your request, we will delete the information from our records unless an exception applies. CCPA, where applicable, provides that we are not required to comply with a request to delete personal information if the information is necessary to:

• Comply with a legal obligation.
• Complete the transaction for which the information was collected, provide a good or service you requested, perform a contract with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or take actions reasonably anticipated in the context of our ongoing business relationship with you.
• Detect security incidents, protect against deceptive, malicious, fraudulent, or illegal activity, or to prosecute those responsible for that activity.
• Debug products, services, or applications to identify and repair errors that impair existing functionality.
• Exercise free speech rights, ensure the rights of others to exercise their free speech rights, or exercise another right provided by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546, et. Seq.)
• Enable solely internal uses that are compatible with the context in which the personal information was provided.

You can exercise these rights in several ways. You can make a request by calling 503-894-7594, by submitting a request via email at info@carmelbeachhotel.com, or by submitting a request on our website, www.carmelbeachhotel.com.

You may make the request on your own behalf or on behalf of your minor child. Another person who is legally authorized to act on your behalf may also submit a request for you. Please describe your request in sufficient detail to allow us to understand the nature of the request, evaluate and respond to it. Because CCPA allows certain disclosures and actions only upon receipt of a “verifiable consumer request,” please provide sufficient information with you request to allow us to verify that you are the person, or an authorized representative of that person, about whom we collected personal information.

HOW WE WILL VERIFY AND RESPOND
Before we respond to any request involving personal information, CCPA, where applicable, requires that we confirm the identity of the person making the request, and if the request is made on behalf of another person, his or her authority to make the request on the other person’s behalf. Accordingly, we reserve the right to deny any request where we are unable to satisfactorily confirm the identity or the right of the person to make the request. We will attempt to verify your identity by matching any information provided in the request against the personal information already in our possession. If you have authorized someone else to make a request on your behalf, we will attempt to verify the identity of that person and that you have authorized that person to submit a request on your behalf, which may include requesting a copy of any written authorization or power of attorney applies to the request.

The amount of information we may require in our verification process will depend on a variety of factors including the nature of the request, the type, sensitivity, and value of the personal information in our possession, the potential risk of harm that could result from unauthorized access or deletion of your personal information, the likelihood that fraudulent or malicious actors would seek your information, and whether the information provided to us is sufficient to protect against fraudulent requests or being fabricated or spoofed. For example, we may require more points of confirmation if the request is to disclose specific pieces of information rather than only categories of information in our possession. During our verification process, we may request additional information from you. Any such additional information will be used only for purposes of verification of the request.

We will endeavor to respond within forty-five (45) days of receipt of a verifiable consumer request. If, however, we are unable to respond within that time, we will notify you of the reason and the additional time needed to make our response. CCPA permits us to extend the time of our response by up to an additional 45 days.

If we deny a request in whole or in part, we will explain the reasons for our denial.

CCPA’S LIMITATIONS ON DISCLOSURES
We are not obligated under CCPA to respond to any request where compliance or disclosure would violate an evidentiary privilege under California law or conflict with federal or state law.

CCPA does not require that we provide personal information to a consumer more than twice in a twelve-month period. Any disclosures we make in response to a request will cover only the twelve-month period preceding the request.

We will not charge a fee to process or respond to your request and will provide the information free of charge. Where a person’s requests are repetitive, manifestly unfounded, or excessive, CCPA authorizes us to either charge a reasonable fee that takes into account our administrative costs or refuses to act on the request and notify the person making the request of the reason for our refusal. If we determine that a request warrants a fee, we will explain our decision and will endeavor to provide a cost estimate.

Regulations proposed by the California Attorney General prohibit us from disclosing specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that information or the security of our systems or networks. The proposed regulations further prohibit us from disclosing in response to a consumer’s request a Social Security Number, driver’s license number, other government identification number, financial account numbers, health insurance or medical identification numbers, account passwords, or security questions and answers.

NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. This means, for instance, that we will not deny you services or charge you a different price, including a discount or other benefit, or impose a penalty for the exercise of your CCPA rights.

OTHER CALIFORNIA PRIVACY RIGHTS
The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request please send an email to info@carmelbeachhotel.com. Please mention that you are making a “California Shine the Light” inquiry.

Visitors from outside of the United States

If you are visiting our website from outside the United States (“U.S.”), any information you voluntarily provide via our website and any technical information from the browser of your computer, tablet, or mobile device will be transferred out of your country and into the U.S. where we are located. The protections available to the privacy of your personal information in the U.S. may significantly differ from the protections available in your country. If you do not want any personal information to be transferred to the U.S., please do not provide that information to us via our websites.

VISITORS FROM THE PEOPLE’S REPUBLIC OF CHINA
On November 1, 2021 the Personal Information Protection Law (“PIPL”) goes into effect in the People’s Republic of China (“China”). The PIPL extends certain rights to natural persons in China involving the privacy of their personal information.

We are the personal information handler for any personal information provided to us from persons in China. We do not have a representative in China. As noted earlier, we may transfer your personal data to another country or international organization as needed.

We will retain any personal information that you provide us for as long as necessary to fulfill the business purposes for which it was provided and to meet legal obligations unless you request that information be deleted at an earlier date. If that information is subject to a litigation hold or is required to assert or defend a legal claim, then we will hold that information until the claim or action is finally resolved.

The PIPL grants Chinese residents with the right to request that we supplement, correct, or complete his or her personal information, and to delete or erase, in certain circumstances, any of that personal information from our records. The PIPL also grants Chinese residents with the right to restrict the processing of personal information and the right to withdraw your consent at any time to our possession or processing of your personal information. Chinese residents also have a right to access and copy their personal information and have it transferred to a different personal information handler. A Chinese resident, and in the event of their death, their next of kin, can exercise any of these rights by sending an email to info@carmelbeachhotel.com.
You also have the right to lodge a complaint with the supervisory authority in China.

VISITORS FROM THE EUROPEAN UNION
On May 25, 2018 the General Data Protection Regulation (“GDPR”) goes into effect in the European Union (“EU”). The GDPR extends certain rights to natural persons in the EU involving the privacy of their personal information.

We are the data controller for any personal information provided to us from persons in the EU. We do not have a representative in the EU. As noted earlier, we may transfer your personal data to another country or international organization as needed.

We will retain any personal information that you provide us for as long as necessary to fulfill the business purposes for which it was provided and to meet legal obligations, unless you request that information be deleted at an earlier date. If that information is subject to a litigation hold, or is required to assert or defend a legal claim, then we will hold that information until the claim or action is finally resolved.

The GDPR grants EU residents with the right to request that we update, correct, or complete his or her personal information, and to delete or erase any of that personal information from our records. It grants EU residents with the right to object to processing of personal information in certain instances, such as for direct marketing purposes. The GDPR also grants EU residents with the right to restrict the processing of personal information when you believe the information in our possession is inaccurate, that our processing is unlawful, that we no longer need the information for purposes of the processing, or where you have objected to that processing. You may withdraw your consent at any time to our possession or processing of your personal information. EU residents also have a right to request access to their personal information, and to request certain information about its processing. The GDPR also grants EU residents with the right to obtain a copy of any personal information that is processed by automated means which you voluntarily provided to us in a commonly used, structured, machine-readable format, or to have that information transferred to another controller when it is technically feasible. An EU resident can exercise any of these rights by sending an email to info@carmelbeachhotel.com.

You also have the right to lodge a complaint with the competent supervisory authority of an EU member state.

We will review any requests we receive from EU residents and will endeavor to respond in a timely manner. For security reasons, we may request specific information from you to help us confirm your identity before taking action on any request, and to ensure your right of access and the exercise of any GDPR right does not adversely affect the rights of others.

We reserve the right to refuse to act on a request, or to charge a reasonable administrative fee when a request is either manifestly unfounded or excessive because of its repetitive character, and to charge a reasonable administrative fee to requests for further or additional copies

Changes to this policy

We reserve the right to change or update this policy, or any other policies or practices, at any time, at our sole discretion, and without notice or liability to you or any other person. Any changes or updates will be effective immediately upon posting to any of the websites. The collection, use, and disclosure of your personal information by us will be governed by the version of this policy in effect at that time. New versions of this policy will be posted here. Your continued use of the websites will signify that you consent to the collection, use, and disclosure of your personal information in accordance with the changed policy. Accordingly, we recommend that you periodically review this policy to ensure that you are familiar with its most current version.