RevPAR Collective complies with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. RevPAR Collective has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view RevPAR Collective's certification, please visit http://www.export.gov/safeharbor/.
RevPAR Collective, Inc. participates in and has certified that it adheres to the EU-U.S. Privacy Shield Framework principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability) regarding the collection, use, and retention of Personal Information from European Union (EU) member countries. If there is a conflict between the policies set forth below and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
RevPAR Collective, Inc. is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. RevPAR Collective, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, RevPAR Collective, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, RevPAR Collective, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
This Policy applies only to Personal Information, i.e. information that could be used to identify you such as your name and contact information, including physical and mailing address, postal code, email address, occupation, employment information, telephone number, and payment information. It does not cover data we collect that cannot be used to identify an individual or to pseudonymous data. Nor does it include encoded or anonymized information or aggregated data which we collect or create about a group or category of services, features or users which does not contain personally identifying information.
Stash Site Visitors
We collect information from Visitors to the Stash Site, both Members and non-Members, when they voluntarily provide it to us on the Stash Site. The information we collect may vary based on your use of the Stash Site. For example, we may request your name, street address, phone number and/or email address when you request information relating to RPC, a Participating Hotel, the Stash Site or Stash program, or when you respond to one of our online surveys.
If you send us an email from the Stash Site, we may retain your email (including the email address from which it was sent), our response(s) and any follow up communications that you send. This information may be used to assess the extent to which your questions or concerns were addressed and to improve our Stash program and Stash Site.
From time to time we may offer an "invite friends" feature on the Stash Site that allows you to send an electronic message to a friend. If you choose to use this feature, we will ask you for your email address, the recipient's name and email address, and the text of any message you choose to include. You can import contacts from your Outlook or other email account address book to invite them to become members of our website. We collect the username and password for the email account from which you wish to import your contacts, and will only use your Personal Information for that purpose. By using the invite friends feature, you represent and warrant to us that you are entitled to provide us with the recipient's name and email address for this purpose. We will only use recipient names and email addresses to send the one time invitation emails. We will not send any further communications to recipients unless and until they enroll in the Stash program and agree to the terms and conditions of membership, including this Policy. We store this information for the sole purpose of sending this one-time email and tracking the success of our referral program. We may receive Personal Information about you (e.g., your name and email address) from other Members as part of the invite friends feature. We may allow the referring Member to check the status of your invitation and will notify that Member when and if you join the program and when you have your first stay at a Participating Hotel.
Your friend may contact us at member support to request that we remove this information from our database.
Technologies such as: cookies, beacons, tags and scripts are used by RPC and our marketing partners, affiliates, and analytics providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you and to improve marketing, analytics, and site functionality. The collected information is not used for any other purpose.
We use Local Storage, such as HTML5, to store content information and preferences. Third Parties with whom we partner to provide certain features on our site use LSOs such as Flash and HTML5 to collect and store information. To manage Flash LSOs please click here.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
We collect certain information from Members when they enroll in the Stash program. Members are required to provide their name, address and email address and may also provide their phone number. The email address you provide at the time of enrollment will serve as your Stash Member ID. In addition, you will create a password at the time of enrollment which you will need to access your Member account ("Account") information and preferences.
We maintain personal profiles for Members containing hotel stay preferences and other information that they voluntarily provide to us. Examples of the types of voluntary information we may seek in the Member profile include (i) preferred amenities (ii) whether the Member participates in other travel rewards programs. Creating and completing a member profile allows you to make reservations and redeem Stash Points more easily and also allows us and our Participating Hotels to enhance your membership and hotel stay experiences. We may share a Member's preference profile with a Participating Hotel when the Member books a stay at that Participating Hotel through a Stash Site and/or when we otherwise learn of a Member's upcoming stay at a Participating Hotel.
We may also collect non-personal information relating to Members, such as aggregated Participating Hotel stay data, responses to surveys and/or promotional offers, communication preferences, travel patterns (e.g., frequency of travel, frequent destinations, etc.) or use of the Stash Sites.
Following a Member's check-out from a Participating Hotel, the Participating Hotel will provide us with information relating to the stay, including the Member's email address, check in and check out date, reservation number, room type, rate code and folio amount. This stay information is used to credit the appropriate number of Stash Points (if any) to the Member's Account and may also be used to identify and send targeted promotional offers to the Member. We may also extrapolate certain information from such stay data, such as a Member's frequency of travel and/or frequency of stays in Participating Hotels, and share such information with a Participating Hotel when we learn of a Member's upcoming stay at that Participating Hotel.
The Stash Site is intended for users over the age of majority. We do not target or direct the Stash Site towards children under the age of 13, and children under 13 should not provide Personal Information to the Stash Site.
When you enroll in the Stash Hotel Rewards Program or use the Stash Site you have the opportunity to create a profile. By doing so you are specifically consenting to our collection and use of any Personal Information you provide to us, the terms of this Policy and our Terms.
Also, when you register on the Stash Site you may be given a choice to receive email messages and/or newsletters about product updates, improvements, special offers, or content. At any time you can choose to no longer receive commercial or promotional emails or newsletters from us by using the email address associated with your account to send an email to Member Support with the word “Unsubscribe” in the subject line or following the opt-out process below. You also will be given the opportunity, in any commercial email that we send to you, to opt out of receiving such messages in the future. It may take up to ten (10) days for us to process an opt-out request. We may send you other types of transactional and relationship email communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them. Please note that changing information in your account or otherwise opting out of receipt of promotional email communications will only affect future activities or communications from us. If we have already provided your information to a third party (such as a credit card processing partner) before you have changed your preferences or updated your information, you may have to change your preferences directly with that third party.
Stash Site Visitors
We will use Personal Information provided by Visitors to the Stash Site for the purpose it was provided and as otherwise disclosed at the time the information is provided.
We may use Members' Personal Information: (a) to provide services, such as processing a redemption transaction for a stay at a Participating Hotel, (b) to improve our services and better understand your needs and requests, for example, by analyzing Member travel and hotel stay activities and patterns, (c) to send Members electronic communications from us, including monthly Account balance statements, other notices regarding your Account and Member surveys, (d) to send Members offers and other promotional communications, which may include promotions or offers from Participating Hotels, provided that the Member has not opted out of receiving such promotional communications, or (e) to establish and maintain Member accounts and other business records and comply with accounting requirements.
Sharing of Personal Information
We will share your Personal Information with third parties only in the ways that are described in this Policy. If you do not want us to share your Personal Information with these companies, you may delete your membership account via the Delete Account section in the My Account section of the website. If you delete your account, you will no longer be able to use certain features of our site or services or accrue or redeem Stash Points.
We may share Members' Personal Information with our Participating Hotels. For example, we may share a Member's personal preference profile and point balance with a Participating Hotel when we are aware that the Member has booked a stay at that hotel. We will also match a Member's Stash Member ID against guest stay information provided to us by the Participating Hotels to ensure that Stash Points are credited to the Member's account in connection with Eligible Stays. We will also provide Members' Personal Information to Participating Hotels in connection with hotel transactions they book through the Stash Site. Information that Members directly provide to a Participating Hotel (for example, when booking a stay on their website or at check in or check out) is subject to that Participating Hotel's own privacy practices and policies.
We may share Members’ Personal Information with Synchrony Financial, our financial services partner, so that Stash may offer Members the opportunity to apply for the co-brand Stash Hotel Rewards® Visa® Card. Specifically, we may share Members’ name, mailing address, email address, and telephone number with Synchrony so that we can identify Members who may be interested in learning about and applying for the Stash Hotel Rewards Visa credit card. If you do not want this information shared you may delete your membership account via the Delete Account section in the My Account section of the website.
We may use third party service providers to provide specific business support services to us which may involve limited access to your Personal Information. We require these companies to use the information only to provide the contracted services and prohibit them from transferring the information to another party except as needed to provide the contracted services. Examples of such services include sending emails, conducting and administering promotions, executing surveys, providing customer service, performing business analysis, and processing payments. When we employ another company to perform a function for us, we only provide them with the information that they need to perform their specific function. We are not responsible for the actions of service providers or other third parties, nor are we responsible for any additional information you provide directly to any third, parties.
We also may disclose your Personal Information to other third parties in conjunction with entering into an agreement for the sale of our stock or assets or if we are involved in bankruptcy proceedings. The recipient of Personal Information following such actions may have privacy policies that differ from those in this Policy. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Any third parties to whom we may disclose Personal Information may have their own privacy policies that describe how they use and disclose Personal Information. Those policies will govern use, handling, and disclosure of your Personal Information once we have shared it with those third parties as described in this Policy. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties. These entities or their servers may be located either inside or outside the United States.
Security and Integrity
We will take reasonable steps to protect the Personal Information we collect from loss, misuse and unauthorized access, disclosure, alteration and destruction. When you enter Personal Information on our registration forms or within your Account, we encrypt that information using secure socket layer technology (SSL). We, and the service providers maintaining or otherwise handling such Personal Information on our behalf, have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. For example, electronically stored Personal Information is stored on a secure network with firewall protection, and access to our electronic information systems requires user authentication via password or similar means. We also employ access restrictions, limiting the scope of employees who have access to Personal Information. Nevertheless, any information transmitted over the Internet may be subject to breaches of security and we cannot guarantee the security of information you send to or receive from us. Any electronic transmissions that you submit or accept are at your own risk. If you have any questions about security on our Stash Site, you can email us at email@example.com.
Social Media Widgets
Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at member support. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why. Alternatively, if you used a third party application to post such information, you can remove it, by either logging into the said application and removing the information or by contacting the appropriate third party application.
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at member support.
Members have the choice not to complete and submit a personal profile to us and/or to opt out of receiving promotional electronic communications from us. Members can opt out of promotional electronic communications by following the directions contained in such communications or by changing their communications preferences at that My Account portion of the Stash Site here. Members will need their Stash Member ID and password to access this portion of the Stash Site.
Stashrewards.com is hosted in the United States and is intended for visitors located within the United States. If you choose to use the Stash Site from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Also, the Stash Site may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Stash service. By providing any information, including Personal Information, to RevPAR Collective, you consent to such transfer, storage, and processing.
Do Not Track
Changes to this Policy
If there is a change of ownership or control in RevPAR Collective’s business (whether by merger, sale, or otherwise) or if there is an asset sale, Visitor information, including your Personal Information, could be disclosed as part of such a process and / or sold as part of that transaction and your Personal Information potentially could be used by the purchaser. However, if that business materially changes this Policy or the information-handling practices as described in this Policy, you will be notified by email and/or through a notice posted on the website, and you may opt-out of the use of your existing information in a new manner. This Policy inures to the benefit of any successors or assigns of RevPAR Collective or the assets of RevPAR Collective.
Other Terms and Conditions
Your access to and use of the Stash Site and services are also subject to our Terms.
If you have any questions about this Policy or our privacy practices, or if you want to review, correct, delete inaccuracies or change Personal Information about you, you may do so by making the change within the My Account section of the Stash Site or by contacting us via member support or at the following address: RevPAR Collective, Inc. d/b/a Stash Hotel Rewards, 2225 E. Bayshore Road, Suite 200, Palo Alto, CA 94303. We will respond to your request to access within 30 days.
Upon request, RPC will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us via member support.
Please note that in an effort to prevent the unauthorized disclosure of Personal Information, you may be required to provide proof of identity in order to access Personal Information. If, upon review, you wish to deactivate your Member profile or update your Personal Information, you may do so by making the change on your My Account page or by emailing member support. We will respond to your request to access within 30 days. In some instances, however, information that you request to be removed may be retained in certain files for a period of time in order to troubleshoot problems. In addition, some types of information may be stored indefinitely on back-up systems or within log files due to technical constraints or financial or legal requirements. Therefore, you should not always expect that all of your Personal Information will be completely removed from our databases in response to your request.
In addition to the above, the following terms also apply to our collection, use and retention of Personal Information from persons who reside in EU member countries.
RevPAR Collective Inc. does not collect Sensitive Data from Visitors.
Except as otherwise provided in this Policy, RPC only discloses Personal Information to third parties who reasonably need to have access to the Personal Information for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third parties must agree to use the Personal Information we provide to them only for the purposes for which we have engaged them, and they must either: (a) comply with the Privacy Shield Principles or another mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of Personal Information; or (b) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Policy.
We also may disclose Personal Information for other purposes or to other third parties when you have consented to or requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. RPC is liable for appropriate onward transfers of personal data to third parties.
Access, Review and Update
You may request access to, and the opportunity to update, correct or delete, the Personal Information we have collected from your use of the Stash Site. Upon reasonable request and as required by the Privacy Shield principles, you may access this Personal Information in order to correct or amend it where inaccurate by logging into your My Account profile or by contacting our member support team. In making modifications you must provide only truthful, complete, and accurate information. We reserve the right to take appropriate steps to authenticate your identity and to charge you an adequate fee before providing access and to deny requests, except as required by the EU-U.S. Privacy Shield Framework. If you want to erase some or all of the Personal Information we have collected about you, please should submit a written request to RPC as below.
Questions and Complaints
If you have questions or complaints regarding this Policy or our handing of your Personal Information, please contact member support. We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy. Residents of Switzerland covered by the US Swiss Safe Harbor Principles should contact us with questions at the same address.
Enforcement and Disputes
In compliance with the EU-U.S. Privacy Shield and the US Swiss Safe Harbor Principles, RevPAR Collective, Inc., commits to resolve complaints about your privacy and our collection or use of your Personal Information.
If you do not receive timely acknowledgement of your request or have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
In addition to the above, you may complain to your home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
The Federal Trade Commission has jurisdiction over RevPAR Collective’s compliance with this Policy and the EU-US Privacy Shield Framework. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish that we no longer use your information to provide you services, contact us at firstname.lastname@example.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Effective October 10, 2016