Your Privacy Rights
Last Updated: February 14, 2020
AAH (“we,” “our,” or “us”) is an indirect subsidiary of Marriott Vacations Worldwide Corporation (“MVWC”) which is a global vacation company that offers vacation ownership, exchange, rental, and resort and property management, along with related businesses, products and services.
1. California Consumer Privacy Act of 2018
The California Consumer Privacy Act of 2018 (“CCPA”) requires that we provide consumers that reside in California certain information about how we collect, use or disclose your personal information. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.
The type of personal information we collect, use, and disclose will depend on your interaction or relationship with us. The chart below generally identifies the personal information we collect based on the categories of personal information set forth in the CCPA.
Categories of personal information as set forth in the CCPA
Personal information we collect
Name, Contact Information and other Identifiers: Identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
We may collect information such as your name, address, email address, telephone numbers, and IP address. In more limited circumstances, we may collect information such as social security number or tax identification number.
Customer Records: Paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.
We may collect information such as your name, address, email address, telephone numbers, and credit or debit card information. In more limited circumstances, we may collect information such as social security number and other financial or payment information.
Protected Classifications: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
We may collect information such as your gender or age.
Purchase History and Tendencies: Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
We may collect information such as the products or services you purchased or utilized.
Biometric Information: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
We may collect voice recordings when we monitor and record telephone calls.
Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.
We may collect this information as part of your interaction with our Website or and through advertisements.
Geolocation Data: Precise geographic location information about a particular individual or device.
We may collect information such as your postal address, zip code, or the location associated with an IP address or particular device.
Audio, Video and other Electronic Data: Audio, electronic, visual, thermal, olfactory, or similar information, such as, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).
We may collect voice recordings when we monitor and record telephone calls, photos or videos that are tagged or shared with us through social media posts, or audio, video, or images captured in security footage of our resorts.
Professional or employment-related information: Employment history, qualifications, licensing, disciplinary record.
We do not collect this information unless you are a job applicant.
Education Information: Information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
We do not collect this information.
Profiles and Inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
We may collect or derive information such as your preferences, characteristics, predispositions, and behavior based on other information we have about you.
Third-Party Cookies & Similar Technologies:
California Resident Rights:
If you are a California resident, you have certain rights with respect to your personal information as set forth below.
Request to Delete: You may request that we delete personal information we have collected about you, subject to certain exemptions provided by law.
Request to Know: You may request, subject to certain exemptions, that we disclose to you the categories of personal information collected; the categories of sources of personal information; the business or commercial purposes for collecting and selling your personal information; the categories of third parties with whom we have shared your personal information; the categories of personal information that we have disclosed or shared with a third party for a business purpose; the categories of third parties to whom your personal information has been sold and the specific categories of personal information sold to each category of third party; and the specific pieces of personal information that we have collected about you in the prior 12 months.
Request to Opt-out of Our Sale of Your Personal Information: We do not sell your personal information.
Submitting Requests: To make a Request to Delete or a Request to Know, please contact us at 844-870-2582 or email@example.com. Please include your full name, postal address, and email address. If you designate an authorized agent to make a request on your behalf, we require you to provide a written and signed authorization of your agent’s permission to exercise your rights on your behalf as provided for in this section. Please include your full name, postal address, and email address along with your agent’s full name, postal address, email address, and relationship to you.
If we are not able to verify your identity based on this information, we will take additional steps to verify your identity before responding to your request. We will respond to verifiable requests received from California residents or their authorized agents in accordance with the law, which provides certain exemptions for disclosure or deletion. For example, if you make a reservation, we may retain your personal information as permitted by law to provide the service you requested.
These rights do not apply to personal information we collect about job applicants, independent contractors, or our current or former full-time, part-time and temporary employees and other staff, or information we collect when we act as a service provider.
Non-Discrimination: We are not permitted to nor do we discriminate against California residents who exercise their rights under the law.
2. Other California Privacy Rights
We may provide this information in a standardized format that is not specific to you. The designated email address for these requests is firstname.lastname@example.org. Privacy rights under Shine the Light and the CCPA are provided under different legal rules and must be exercised separately.
At this time, we do not respond to browser “do not track” signals, as we await the work of interested stakeholders and others to develop standards for how such signals should be interpreted. Third parties, including our authorized service providers, may collect information about your online activities over time and across different websites, including when you visit our Website.
For individuals in the European Union (EU), for the purposes of the General Data Protection Regulation (known as the GDPR), the controller of any personal data collected by AAH is Aqua-Aston Hospitality, LLC., of 2155 Kalakaua Ave, #500, Honolulu, HI 96815. AAH’s central administration in the EU and, therefore, its main establishment for the purposes of establishing a lead supervisory authority in accordance with the GDPR, is the United Kingdom. Accordingly, the lead supervisory authority for AAH in the EU is the Information Commissioner's Office (the ICO).
Purpose and legal basis for processing
When you provide us with your information on the “Contact Us” page we will use it for the purposes of administering your query and responding to you. We therefore have a legitimate interest in processing your personal data in this way.
When you make a reservation through AAH, we will process your personal data to complete the transaction and communicate with you in order to perform the requirements of the contract to which we are both a party in relation to that transaction.
Where we use your personal data for marketing purposes, we will provide you with an opportunity to unsubscribe from receiving such communications as part of every communication we send to you. If you would like to stop receiving marketing from AAH, you can do this by contacting us using the contact information below, unsubscribing using the unsubscribe link in any email you receive from us, or where you have an A-List profile, by updating your preferences on the profile page of the Website.
Information we collect about you
In General. We may collect personal information that can identify you such as your name and email address and other information that does not identify you. When you provide personal information through our Website, the information may be sent to servers located in the United States and other countries around the world.
- Information you provide. We may collect and store any personal information you enter on our Website or provide to us in some other manner. This includes identifying information, such as your name, address, email address, telephone number and fax telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type and expiration date or other financial information). We also may request information about your interests and activities, your gender and age, and other demographic information. If you make a reservation for someone else through our Website, you will need to submit that individual’s personal information. You must obtain the consent of other individuals prior to providing us with their personal information, as any access to view or modify their information will be available only through your account on our Website.
- Location Information and Other Information from Devices. When you access our Website from a device, we may collect information about your location if you have instructed your device to send such information via the privacy settings on that device. You can change the privacy settings of your device at any time in order to turn off the functionality that shares location information and/or the functionality to tag your photos with location information. If you have any questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
What are Cookies?
Cookies are small unobtrusive files that may be used to store information on your computer. This allows us to recognize your computer and helps our Website understand certain information allowing us to customize the experience during your visit. Session cookies and Persistent cookies are the two types of cookies used.
- Session cookies allow you to navigate through the Website without having to re-enter pertinent session information. These cookies are essential to site functionality and will be automatically deleted from your computer when you leave our Website by closing your browser or navigating to another website.
- Persistent cookies are used to recognize you as a visitor and remember certain information about your preferences. These cookies will be stored on your computer until they expire or are manually deleted. Persistent cookies are considered non-essential to site functionality.
Cookies used by AAH – [Please click here for the detailed list of cookies]
- Essential Cookies - These cookies are required as part of our Website functionality for server load balancing and user session management. The Website will not function properly without the use of these Session cookies, which are only active during the length of your visit to the Website.
- Non-Essential Cookies
While not required for the Website to function, these Persistent cookies allow us to enhance your online customer experience.
- LoginID - We use a loginID cookie allowing you to select “Remember Me” on the Website home page so that your login ID is saved the next time you visit the Website.
- We use analytics software to carry out statistical analysis of page use, page interactions and paths through the Website. This enables us to understand customer behavior and needs, improve customer service, and continuously enhance the online user experience. This information is not sold to any third parties.
- Website behavioral information may be used to provide Website visit information via email; however, we will only send these emails when customers have given us permission to do so, for example through providing their consent in the communication preferences in the ‘My Profile’ section of the Website. We will provide you with an opportunity to unsubscribe from receiving such communications as part of every communication we send to you.
- We also use web beacons in select emails for additional analysis. This allows us to understand email activity on an aggregate level. This technology does not collect user specific information.
Third Party Partner and Online Advertising Cookies
To improve the user experience, we may allow carefully selected service providers to enrich the content of the Website or to provide additional services to our visitors. When you navigate to these areas of the Website you may be presented with cookies from these providers as outlined here. We have no control over these cookie sets and assume no responsibility for their use. We recommend that when you visit these areas, you review these providers’ privacy and cookie policies where applicable.
We may use Facebook Products (as defined by Facebook, which includes Messenger, Instagram and Audience Network) that enable us to follow the actions of visitors to our Website who are redirected to our Website after clicking on a Facebook advertisement; record the effectiveness of Facebook advertisements for marketing, statistical, and market research purposes; serve targeted advertisements on Facebook that match interests determined by your activity on our Website and deliver ads on other websites within the Facebook Audience Network. For further information on Facebook's data collection and use and about your rights and options to protect your privacy, please refer to Facebook's data protection policies at https://www.facebook.com/about/privacy/. You also can deactivate the Facebook Conversion Tracking Pixel at https://www.facebook.com/settings/?tab=ads#_=_.
We may also use Google Marketing Platform, Google Ad Manager, and Google Display Network for marketing and remarketing purposes and may allow third-parties, including our service providers, advertising companies, and ad networks, to display advertisements on our Website. This technology enables (a) users who have already visited our Website and have shown interest in our products or services to see targeted advertising on websites within the Google Partner Network and (b) us to provide targeted advertising based on user interest. Our Website does not provide any personal information to these third parties. These companies may use tracking technologies, such as cookies, to collect information about users who view or interact with their advertisements. This information allows them to deliver targeted advertisements and gauge their effectiveness. More about Google Marketing Platform and Google Ad Manager may be found at http://support.google.com/dfp_premium/answer/2839090. If you would like to opt out of such ad targeting from Google, please visit the Google Ads settings page at http://www.google.com/settings/ads.
Managing Your Cookies
Should you choose to block our cookies, some parts of the Website may not be fully functional and in some cases will not be accessible. For more information on how to manage your browser cookie settings or how to delete cookies on your hard drive, visit www.aboutcookies.org or use your browser’s help section.
How we use the information we collect
In General. We may use information that we collect about you to:
- process your reservation and perform services that you have requested;
- manage your account and provide you with customer support;
- perform research and analysis about your use of, or interest in, our products, services, or content;
- with your consent, communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us, another MVWC subsidiary or third parties. Please note that we reserve the right to send you other communications, including service announcements, administrative messages, and surveys relating either to your account or to your transactions on this site, without offering you the opportunity to opt out of receiving them;
- with your consent, develop and display content and advertising tailored to your interests on our site;
- verify your eligibility and deliver prizes in connection with contests and sweepstakes that you have entered;
- enforce our terms and conditions;
- manage our business and
- perform functions as otherwise described to you at the time of collection.
Financial information. We may use financial information or payment method to process payment for any purchases made on our Website, to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
With whom we share your information
We want you to understand when and with whom we may share personal or other information we have collected about you or your activities on our Website or while using our services.
Personal information. We do not share your personal information with others except as indicated below or when we have your consent. We may share personal information with:
- Authorized service providers. We may share your personal information with our authorized service providers that perform certain services on our behalf. These services may include processing reservations, processing credit card payments, providing resort services, delivering packages, providing customer service and marketing assistance, performing business and sales analysis, supporting our Website functionality, and supporting contests, sweepstakes, surveys, employment placement and other features offered through our Website. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes.
- Social Media Services. You can choose to access certain third party social media websites and services through our site. When you do so, you are sharing information with those sites, and the information you share will be governed by their privacy policies. You may also be able to modify your privacy settings with these third party social media websites.
- Other Situations. We also may disclose your information:
- In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Website terms and conditions or other agreements or policies.
- In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
Aggregated and non-personal information. We may share aggregated and non-personal information we collect under any of the above circumstances. We may also share it with our affiliated companies and third parties to develop and deliver targeted advertising on our Websites and on websites of third parties. We may combine non-personal information we collect with additional non-personal information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our clients the number of visitors to our Website and the most popular resorts, features or services accessed. This information does not contain any personal information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.
Please note that while we will protect your information on AAH owned and operated Websites, we cannot control and will not be responsible for the privacy policies of third party websites, including websites owned or controlled by independent owners’ associations, vendors, service providers, or travel providers that may have a business relationship with AAH, or other websites not controlled or authorized by AAH.
How you can access your information
Data protection laws in the EU (including but not limited to the GDPR) give individuals in the EU a number of rights in respect of their data, including:
Right to access
You have the right to request a copy of any personal data that we hold about you. If you would like a copy of your personal data please contact us. We may request proof of your identity before sharing such information.
Right to rectify your personal data
If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information.
Right to be forgotten
You may ask us to remove the personal data we hold about you in certain circumstances; this removal may be effected by deletion or use of another technology that allows us to mask the information we have about you or your transaction history such that it can no longer be used to personally identify you. It may not be possible for us to remove all of the information we hold about you where we have an ongoing business relationship with you, or you have a pending or confirmed reservation with AAH or we otherwise have a legal basis to retain the information. However, please contact us to discuss how we can assist with your request.
Where we process your data on the basis that you have consented to such processing, you have the right to withdraw your consent at any time using the contact information below.
In addition to the above, you may also ask us to stop or restrict processing of the personal data we have about you. You may also ask us to transfer your personal data to a third party in certain circumstances. If you would like any further information about these rights or how to exercise them, please contact us.
Your choices about collection and use of your information
You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our Website because such information may be required in order for you to make reservations, purchase services; participate in a contest, promotion, survey, or sweepstakes; ask a question; or initiate other transactions on our Website.
You will be given the opportunity, in any commercial email that we send to you, to opt out of receiving such messages in the future. It may take up to 10 days for us to process an opt-out request. We may send you other types of transactional and relationship email communications, such as reservation confirmations, service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them.
How we protect your personal information
We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. We want you to feel confident using our Website to transact business. However, no system can be completely secure. Therefore, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information, or other communications will always remain secure. Users should also take care with how they handle and disclose their personal information and should avoid sending personal information through insecure email. Please refer to the Federal Trade Commission's website at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft.
Bulletin boards and reviews
In the future, we may provide areas on our Website where you can post information about yourself, as well as post reviews of resorts, vacation activities, tours and the like, or upload content (e.g. pictures, videos, audio files, etc.). Such postings may appear on other websites or when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.
By submitting, uploading or granting permission on social media to use your photos, text, graphics, audio, video, location information and comments ("Content"), you represent and warrant that you are at least 18 years old and own all rights to the Content, including all rights of copyright, that you hereby give AAH the unrestricted rights to use Content in perpetuity in any form, channel or medium and for any purpose, that you release all claims whether known or unknown arising from AAH’s use of the Content and that you agree to indemnify, defend and hold AAH and its affiliates harmless from any claim that AAH use of the Content infringes on the rights of, or causes injury to, any third party. AAH shall have the right to determine in its sole discretion whether to use, and shall have no obligation to use, the Content, which it may delete or remove it at any time for any reason or for no reason. You may revoke the granting of rights to AHH by submitting a request to email@example.com. AAH will process your request as soon as possible.
Our Website is a general audience site, and we do not knowingly collect personal information from children under the age of 13.
Visiting our Websites from outside the United States
No Rights of Third Parties
How to contact us
Aqua-Aston Hospitality, LLC
2155 Kalakaua Avenue, 5th Floor
Honolulu, HI 96815-2398