Privacy Policy | Sage Hospitality Group

PRIVACY POLICY

Last Updated: [2025-03-31]

This Privacy Policy (this “Policy”) explains the types of personal information Sage Hospitality Group (“Sage”) collects and how we collect, use, protect, and disclose this information. This Privacy Policy also tells you about the rights and choices you may have when it comes to your personal information.

This Policy applies to Sage, its affiliates, and any hotels, restaurants, spas, or other properties that are managed by Sage and that link to this Policy on their websites (collectively, “Company,” “we,” “us,” or “our”). This Policy applies to the information we collect when individuals, including guests, customers, job applicants, and contractors interact with the Company, including at our physical locations and through our websites where this Policy is referenced.

This Policy does not apply to: (i) any affiliate or property that is not managed by Sage or whose website does not link to this Policy; or (ii) our processing of personal information on behalf of and subject to the instructions of third parties, such as certain corporate customers. This Policy also does not apply to our current and former employees and their family members, dependents, or beneficiaries. If you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to yourprivacy@sagehospitalitygroup.com.

By using any of our products or services (our “Services”) and/or by agreeing to this Policy (e.g., in the context of registering for any of our Services), you understand and acknowledge that we will collect and use personal information as described in this Policy.

If you are in the European Economic Area (EEA), please see “ADDITIONAL INFORMATION REGARDING EEA, SWITZERLAND, AND UNITED KINGDOM RESIDENTS’ PRIVACY RIGHTS” below.

1. COLLECTION OF PERSONAL INFORMATION

We collect and process personal information based on your transactions and interactions with the Company and our Services. We may collect this information directly from you or from third parties to provide, improve, and personalize our Services, respond to your requests, and communicate with you.

What We Collect

The types of personal information we may collect include the categories described below. Some states, such as California, require that we use different names to describe the categories of information that we collect. For more information about these categories, please see the “ADDITIONAL INFORMATION REGARDING OTHER LAWS AND INDIVIDUAL RIGHTS” section of this Policy.

The types of personal information we may collect about you may include:

· Contact information: Name, telephone number, email, and postal address;

· Identifiers: Date of birth, username, login credentials;

· Information about your stay: Booking and reservation details and history, dates of stay, preferences with respect to rooms, communication methods and other personal preferences, dietary needs and other special requests, feedback about our Services, location information (e.g., when using WiFi), and information about other personal needs that we collect to ensure your wellbeing;

· Financial information: Credit card and other payment information, billing information, and payment history;

· Online and usage activity: Date and time of your visit to our websites, webpages visited, links clicked, browser ID, browser type, device ID, system and file access logs, browsing history, search history, usage history and other network activity information related to usage of Company networks and devices;

· Account information: Username, password, and access credentials for Company accounts and systems;

· Inferences: Analysis of information about your stay, which we use to develop inferences regarding individual preferences and characteristics; and

· Transactional data: Purchase history and other transactions.

We may also collect Sensitive Personal Information, which may include Social security, driver’s license, state identification card, or passport number; financial account numbers and security or access codes, passwords, or credentials allowing access to an account; precise geolocation; genetic data; biometric information for the purpose of uniquely identifying an individual; health-related information, including information related to symptoms, exposure, contact tracing, pandemics, or other public health emergencies; personal information collected and analyzed concerning an individual’s sex life or orientation; racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership; contents of a consumer’s mail, email, and text messages unless the Company is the intended recipient of the communication; and/or audio, visual, or surveillance recordings.

If you apply for employment or if we consider engaging you as an independent contractor, we may collect certain pre-hire and pre-contract information, including as applicable:

· Employment information: Application details, job history, education history, references, background checks, and pre-hire drug test results;

· Professional information: Certifications, licenses, performance records, and contract details.

2. HOW AND WHERE WE COLLECT YOUR PERSONAL INFORMATION

We may collect personal information about you from various sources, including:

· Direct interactions with you: We collect personal information when you use our Services, including when you visit our websites, check-in and otherwise interact with us at our physical locations, enter into a contract with us, make bookings, inquire about our offerings, provide feedback or complete surveys for us, apply for a job, or when we consider engaging you as an independent contractor;

Automatically: We may collect personal information automatically, including through cookies when you visit our websites, as well as data from surveillance cameras at our locations, and information collected when you use Company networks and devices; and/or
Third parties: We may also collect personal information from third parties, including business partners and service providers, such as marketing and hotel operations support vendors, social media platforms, lead generators, reservation and booking systems or agents, data firms, joint marketing partners, public databases, and if you are a job applicant or independent contractor, from recruiters, staffing agencies, personal references, former employers, educational institutions, and credit reporting agencies.

3. HOW WE USE YOUR PERSONAL INFORMATION

We may use personal information for the following purposes:

Service or request fulfillment: To process bookings, manage reservations, confirm stays, process payments and complete transactions, provide customer support, and otherwise to provide the Services or fulfill the purpose for which you provide personal information;
Communications: To notify you about updates, offers, and other relevant information regarding the Company and our Services;
Operational management: To support and improve hotel management operations and our Services, personalize and enhance user and customer experience, conduct analytics, process and maintain payments and records on transactions, and to ensure the physical safety of guests, customers, and other individuals;
Marketing and advertising: To send you marketing and advertising communications, including to personalize advertising and promotional content, manage promotions and events, and send targeted communications;
Compliance: To meet legal obligations and respond to requests from regulatory authorities; and/or
Security: To detect and prevent fraud, identity theft, and other malicious activities.

We may also use Sensitive Personal Information to fulfill specific service needs, comply with legal requirements, detect and prevent fraud, identity theft and other malicious activities, ensure safety, and/or for other related purposes that do not involve inferring characteristics about the individual.

We do not perform automated decision making or profiling with your personal information in furtherance of decisions that produce legal or significant effects concerning you under applicable law.

If you apply for a job or if we consider engaging you as an independent contractor, we may use your information to process your job application, verify references, assess qualifications, comply with relevant laws and regulations, manage recruitment processes, including conducting background checks and maintaining application records, engage in lawful monitoring of job applicant activities and communications when they are on Company premises or utilizing Company internet or devices, and/or to engage in corporate transactions requiring disclosure of job applicant records, such as for evaluating potential mergers and acquisitions of the Company.

4. WHEN AND WITH WHOM WE DISCLOSE PERSONAL INFORMATION

Selling and Sharing for Cross-Context Behavioral Advertising

We do not sell personal information in exchange for monetary consideration and we do not sell Sensitive Personal Information for monetary or any other valuable consideration. We also do not share Sensitive Personal Information with third parties for “cross-context behavioral advertising,” which for purposes of this Policy, means targeting advertising to consumers based on personal information obtained over time from their activities across nonaffiliated websites, applications, or services.

However, where consumer privacy laws define “sell” to include disclosing personal information for other, non-monetary consideration, we may “sell” personal information under such definitions, and we may also share personal information for cross-context behavioral advertising purposes, to:

· Affiliates, for cross-context behavioral advertising purposes, which may include certain contact information or identifiers; and/or

· Data analytics and marketing providers, for data analytics or website traffic, including certain Internet or other electronic network activity information.

When We Disclose Personal Information

We may disclose personal information with others in the following circumstances:

· At your request: We may disclose personal information when you direct us to do so, including when necessary to provide you with our Services or to otherwise fulfill the purpose for which you provide it;

· Legal compliance: We may disclose personal information when required by law or to respond to legal process;

· Protect our rights: We may disclose personal information to protect our property, rights, safety, and that of our employees, guests, customers, or others; and/or

· Business transactions: We may disclose personal information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Sage’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

Parties with Whom We Disclose Personal Information

We disclose personal information to the following types of third parties:

Affiliates and owners of properties managed by the Company: We disclose personal information to affiliates and to properties that we manage to support their operations, including to facilitate reservations, assist you in making arrangements or with requested purchases of products or services, to provide personalized experiences for guests and customers, and to comply with applicable law;
Service providers: We disclose personal information to service providers who assist us in performing business functions, including by providing property management services, customer relationship services, guest services support, financial and tax services, website hosting, order fulfillment, payment processing, marketing services, information technology and cybersecurity services, and data analytics. These parties only have access to the data needed to perform their functions and cannot use it for other purposes;
Business partners: We may disclose personal information to business partners, including airlines, car rental services, retail stores, credit agencies and other third parties to facilitate reservations, assist you in making arrangements or with requested purchases of products or services, or in connection with one of our partners’ loyalty programs (e.g., to earn or redeem points). We may also co-sponsor promotions, sweepstakes, or events with a third party and share your information when you provide it to facilitate these events. Further, we may share your information with third-party providers of ancillary services on-site at hotels or resorts to fulfill your service requests, such as spa, golf, concierge, and dining providers. If you provide additional information to such third parties, it will be subject to their privacy practices.
Regulatory authorities: We may disclose personal information to government authorities as required by law; and/or
Other third parties: We may disclose personal information to other third parties, such as marketing and advertising partners. This typically occurs via cookies or trackers on our websites and apps. For more details, please see USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES below.

5. USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent (until deleted) basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We may use cookies under the following circumstances and for the following reasons:

· To provide you with Services and related features available through our websites;

· To authenticate users and prevent fraudulent use of user accounts;

· To identify whether users have accepted the use of cookies on a website;

· To compile data about website traffic and how users use the website to offer a better website experience;

· To understand visitor preferences for future visits, such as remembering login details or language preference, to provide a more personal experience, and to avoid you having to re-enter your preferences every time you visit the website; and/or

· To track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website.

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when you deactivate cookies.

Do Not Track

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms that provide a choice regarding the collection of personal information about activities over time and across different websites or online services.

6. YOUR PRIVACY RIGHTS

As a guest, customer, job applicant, or independent contractor, you may have rights under certain consumer privacy laws regarding the collection, use, and sharing of your personal information, as described in more detail in ADDITIONAL INFORMATION REGARDING INDIVIDUAL RIGHTS.

We will make all required updates and changes within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted in writing at yourprivacy@sagehospitalitygroup.com or by calling our toll-free privacy line at (883)-700-2444.

Access, Correction, and Deletion

You may have the right to access, correct, or request the deletion of your personal information under applicable laws. To make a request, you can contact us directly at yourprivacy@sagehospitalitygroup.com or call our toll-free privacy line at (883)-700-2444.

Marketing Communications

You can opt out of receiving marketing and promotional emails from us at any time by clicking the “unsubscribe” link at the bottom of any marketing emails we send you, or you may contact us directly at yourprivacy@sagehospitalitygroup.com to request removal. You may also opt out of receiving physical marketing mail by contacting us directly at yourprivacy@sagehospitalitygroup.com or calling our toll-free privacy line at (883)-700-2444. This opt out may not apply to information provided to the Company as a result of a purchase, registration, or other transactions.

Cross-Context Behavioral Advertising and Personalized Advertising

If you do not want us to share your personal information for such cross-context behavioral advertising purposes, you can request to opt out by emailing us at yourprivacy@sagehospitalitygroup.com or calling our toll-free privacy line at (883)-700-2444. Please note that, if applicable, your right to opt out does not apply to our sharing of data with service providers, with whom we work and who are required to use the data only on our behalf.

You can learn more about opting out of personalized advertising in web browsers by visiting the Digital Advertising Alliance (DAA) opt-out page or other similar industry opt-out platforms.

Cookies and Tracking Technologies

As explained above, we use cookies and similar tracking technologies on our websites to provide a personalized experience and deliver targeted advertising. You can control the use of cookies on our websites by changing your browser settings. See USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES above for more information.

Sensitive Personal Information

You may have the right under applicable law to limit our use and disclosure of Sensitive Personal Information for personalized recommendations, marketing, and advertising purposes; however, we do not use Sensitive Personal Information for such purposes.

7. CHILDREN UNDER THE AGE OF 16

Our websites are not intended for children under 16 years of age. No one under age 16 may provide any personal information on our websites. We do not knowingly collect, sell, or share for cross-context behavioral advertising purposes any personal information of children under 16. If you are under 16, do not use or provide any information on our websites. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at yourprivacy@sagehospitalitygroup.com.

8. RETENTION OF PERSONAL INFORMATION

We keep your personal information for different lengths of time depending on the type of information and the business and legal requirements. In deciding how long to retain personal information, we consider many criteria, including the business purposes for which the personal information was collected, relevant federal, state, and local recordkeeping laws, applicable statutes of limitations for claims to which the information may be relevant, and legal preservation of evidence obligations. Some information is deleted automatically after a set period of time, often set by law, unless we are legally required to hold it longer, such as for pending litigation.

9. HOW WE PROTECT THE INFORMATION THAT WE COLLECT

We follow industry-standard practices to secure the information we collect to prevent the unauthorized access, use, or disclosure of any personal information we collect and maintain. These security practices include technical, administrative, and physical safeguards, which may vary, depending on the type and sensitivity of the information. Although we take the responsibility of safeguarding your personal information seriously, no security measures are 100% effective and we cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or disclose your information.

10. ADDITIONAL INFORMATION REGARDING OTHER LAWS AND INDIVIDUAL RIGHTS

CALIFORNIA NOTICE AT COLLECTION

California law provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “personal information,” rights to access, delete, correct certain personal information we collect about them, restrict us from “selling” or “sharing” certain personal information, and limit our use of Sensitive Personal Information, as defined by the law and described in the categories below. These rights apply to all residents of California, regardless of whether you are a customer, business contact, or member of the workforce. As a California resident, you have a right not to receive discriminatory treatment for the exercise of your privacy rights.

The California Consumer Privacy Act (CCPA) defines “personal information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

You or your authorized agent may submit a request to exercise these rights by contacting us at yourprivacy@sagehospitalitygroup.com or calling our toll-free privacy line at (883)-700-2444.

Residents of California also have the right to request information regarding third parties to whom the Company has disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes under California’s “Shine the Light” law (Cal. Civ. Code §1798.83). Personal information under this California law means “any information that when it was disclosed identified, described, or was able to be associated with an individual.” If you are a California resident and would like to inquire further, please email yourprivacy@sagehospitalitygroup.com.

California law also requires us to provide information regarding the criteria we use to determine the length of time for which we retain personal information. We utilize the following criteria to determine the length of time for which we retain personal information: (i) the business purpose for which the information is used, and the length of time for which the information is required to achieve those purposes; (ii) whether we are required to retain the information in order to comply with legal obligations or contractual commitments, or is otherwise necessary to investigate theft or other illegal activities, to ensure a secure online environment, or to protect health and safety; (iii) the privacy impact on the consumer of ongoing retention, including the consumer’s likely expectations in light of the sensitivity of information; and (iv) the manner in which information is maintained and flows through our systems, and how best to manage the lifecycle in light of the volume and complexity of the systems in our infrastructure.

The general section of this Privacy Policy above describes types of personal information in categories that are easy to understand; however, the CCPA requires us to disclose the personal information we have collected about consumers in the following categories. Some of the categories include very different types of information within the same category and certain personal information may fall into multiple categories. How we use and how long we keep the information within each category will vary, and not all types of information within the same category will be used for all the purposes listed.

Individual pieces of personal information such as those listed above may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.

As required by the CCPA, the Company collects the following categories of personal information from the sources below and discloses such personal information to the third parties below, and in each case, for the purposes described below:

Category: Identifiers, such as name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers

Sources: Direct interactions with you; automatically when you visit our websites or use Company networks or devices; from third parties, including business partners and service providers we use to support our business

Disclosed in Last 12 Months to Third Parties: Affiliates and property owners; service providers and other third parties, including business partners and marketing and advertising partners; regulatory authorities

Purpose of collection and use: Service or request fulfillment; to communicate with you; for operational management purposes; to send marketing and advertising communications; compliance with legal obligations; for security purposes.

Category: Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories

Category: Protected classification characteristics under California or federal law, such as age (40 years or older), national origin, marital status, gender, veteran or military status

Sources: Direct interactions with you, such as when you sign up for an offer for veterans; from third parties who make inferences regarding your household, such as marital status or the age ranges of people within your household

Disclosed in Last 12 Months to Third Parties: Affiliates and property owners; service providers; regulatory authorities

Category: Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Sources: Direct interactions with you during transactions with us; automatically when you visit our websites; from third parties, including business partners and service providers we use to support our business

Category: Biometric information, such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, scans of the hands or face geometry, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data

Sources: Direct interactions with you, such as when we seek to authenticate your identity

Category: Internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with one of our internet websites, applications, or an advertisement

Sources: Automatically when you visit our websites or use Company networks or devices; from third parties, including business partners and service providers we use to support our business

Disclosed in Last 12 Months to Third Parties: Affiliates and property owners; service providers and other third parties, including business partners and marketing and advertising partners

Category: Geolocation data

Sources: Automatically when you visit our websites or use Company networks or devices; from third parties, including business partners and service providers we use to support our business

Purpose of collection and use: Service or request fulfillment; to communicate with you; for operational management purposes

Category: Sensory data, such as audio, electronic, visual, thermal, olfactory, or similar information

Sources: Automatically from our systems, such as when your image or voice is recorded or captured in surveillance camera footage

Disclosed in Last 12 Months to Third Parties: Affiliates and property owners; service providers; regulatory authorities

Purpose of collection and use: For operational management purposes; compliance with legal obligations; for security purposes

Category: Inferences drawn from other personal information, such as profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Sources: Automatically from our systems through a series of computer processes

Purpose of collection and use: Service or request fulfillment; to communicate with you; for operational management purposes; to send marketing and advertising communications

Category: Sensitive Personal Information, such as Social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents mail, email and text messages; genetic data and biometric information; information collected and analyzed concerning a consumer’s health; or information collected and analyzed concerning a consumer’s sex life or sexual orientation. Some personal information included in this category may overlap with other categories. We do not collect all of these examples of Sensitive Personal Information, nor do we use all types of Sensitive Personal Information for the purposes described below

Sources: Direct interactions with you, such as when you create an account or make a payment with us; automatically from our systems when you use or interact with Services that collect this information or when you opt in to certain features of our Services; from third parties

Disclosed in Last 12 Months to Third Parties: Affiliates and property owners; regulatory authorities

Disclosures to Third Parties for a Business Purpose

For all enumerated categories listed above, we limit disclosures of personal information for business purposes to service providers, as described in “WHEN AND WITH WHOM WE DISCLOSE PERSONAL INFORMATION.”

Selling and Sharing for Cross-Context Behavioral Advertising

The CCPA requires businesses to include certain disclosures relating to your right to opt out of “sale” or “sharing” for cross-context behavioral advertising purposes.

We do not sell personal information in exchange for monetary consideration and we do not sell Sensitive Personal Information or personal information of consumers under 16 years of age for monetary or any other valuable consideration. We do not share Sensitive Personal Information or knowingly sell personal information of consumers under 16 years of age with third parties for cross-context behavioral advertising purposes.

However, for residents of California, we may “sell” personal information for other valuable consideration and share personal information for cross-context behavioral advertising purposes to:

· Affiliates, for cross-context behavioral advertising purposes, which may include certain contact information or identifiers; and/or

· Data analytics providers and marketing providers, for data analytics or website traffic, including certain Internet or other electronic network activity information.

To opt out of our disclosure of your personal information to third parties where the disclosure constitutes “selling” or sharing for cross-context behavioral advertising purposes under California law, you can email us at yourprivacy@sagehospitalitygroup.com or call our toll-free privacy line at (883)-700-2444 for assistance.

Please note that your right to opt out does not apply to our sharing of data with service providers, with whom we work and who are required to use the data only on our behalf.

Right to Know, Right to Request Correction, and Right to Request Deletion of Information

California residents have the right to request that we disclose what personal information we collect, use, and sell, as well as the right to request that we delete certain personal information that we have collected from you. If we hold personal information that is not accurate, California residents have the right to request that we correct this information. You or your authorized agent may submit a request to exercise your rights by emailing us at yourprivacy@sagehospitalitygroup.com. For your security and to ensure unauthorized third parties do not access your personal information, we will require you to verify your identity before we can act on your request. If you are a current customer, you may be required to authenticate through your account. If you do not have an account with us, you may be required to provide an email address and mobile phone number to start the verification process. You may also be required to provide a qualified government-issued photo identification. If you are asking for access on behalf of someone else, we will require verification of your identity, as well as proof of authorization by the individual whose personal information you wish to access. There may be information we will not return in response to your access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with your deletion request, such as the need to keep your personal information to provide you Service or to fulfill a legal obligation. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to Restrict Use of Sensitive Personal Information

California residents have the right to request that businesses restrict the use of Sensitive Personal Information. We limit the use of your Sensitive Personal Information to that use which is necessary to perform reasonably expected services or as required by law.

Right to Information Regarding Participation in Data Sharing for Financial Incentives

We may run promotions from time to time and ask you to share personal information with us in exchange for discounts. We will give you clear notices about these types of programs when you sign up, and participation is always voluntary. If you change your mind, you will always be able to opt out, and if you don’t participate, you will still be able to use our Services.

ADDITIONAL INFORMATION REGARDING COLORADO RESIDENTS’ PRIVACY RIGHTS

Colorado law provides Colorado residents with rights to access, delete, and correct certain “Personal Data” we collect about them, as well as to restrict the use of that Personal Data for “targeted advertising,” restrict the “sale” of that Personal Data, and control our use of Personal Data considered sensitive. If you are a Colorado resident, you also have a right not to receive discriminatory treatment for the exercise of your privacy rights. While Colorado residents have the right to opt out of automated profiling that would produce legal or other similarly significant effects, we do not use Personal Data to make automated decisions in any situation where you would have a legal right to opt out.

The Colorado Privacy Act defines “Personal Data” to mean “any information that is linked or reasonably linkable to an identified or identifiable individual.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

You or your authorized agent may submit a request to exercise your access, deletion, and correction rights by emailing us at yourprivacy@sagehospitalitygroup.com. For your security and to ensure unauthorized third parties do not access your personal information, we will require you to verify your identity before we can act on your request. If you are a current customer or still have access to your account, you may be required to authenticate through your account. If you do not have an account with us, you may be required to provide an email address and mobile phone number to start the verification process. You may also be required to provide a qualified government-issued photo identification. If you are asking for access on behalf of someone else, we will require verification of your identity, as well as proof of authorization by the individual whose personal information you wish to access.

To opt out of targeted advertising and the sale of Personal Data, or to set preferences regarding our use of sensitive Personal Data, please email us at yourprivacy@sagehospitalitygroup.com. If we deny your request, you have the right to appeal our decision by emailing us at the same email address.

ADDITIONAL INFORMATION REGARDING OREGON RESIDENTS’ PRIVACY RIGHTS

Oregon law provides Oregon residents with rights to access, delete, and correct certain “Personal Data” we collect about them, as well as to restrict the use of that Personal Data for targeted advertising, restrict the “sale” of that Personal Data, and control our use of Personal Data considered sensitive. If you are an Oregon resident, you also have a right not to receive discriminatory treatment for the exercise of your privacy rights. While Oregon residents have the right to opt out of automated profiling that would produce legal or other similarly significant effects, we do not use Personal Data to make automated decisions in any situation where you would have a legal right to opt out.

The Oregon Consumer Privacy Act defines “Personal Data” to mean “data, derived data or any unique identifier that is linked to or is reasonably linkable to a consumer or to a device that identifies, is linked to or is reasonably linkable to one or more consumers in a household.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

You or your authorized agent may submit a request to exercise your access, deletion, and correction rights, to opt out of targeted advertising and the sale of Personal Data, or to set preferences regarding our use of sensitive Personal Data, by emailing us at yourprivacy@sagehospitalitygroup.com. If we deny your request, you have the right to appeal our decision. You can request further review by emailing us at the same email address.

ADDITIONAL INFORMATION REGARDING TEXAS RESIDENTS’ PRIVACY RIGHTS

Texas law provides Texas residents with rights to access, delete, and correct certain “Personal Data” we collect about them, as well as to restrict the use of that Personal Data for targeted advertising, restrict the “sale” of that Personal Data, and control our use of Personal Data considered sensitive. If you are a Texas resident, you also have a right not to receive discriminatory treatment for the exercise of your privacy rights. While Texas residents have the right to opt out of automated profiling that would produce legal or other similarly significant effects, we do not use Personal Data to make automated decisions in any situation where you would have a legal right to opt out.

The Texas Data Privacy and Security Act defines “Personal Data” to mean “any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

ADDITIONAL INFORMATION REGARDING VIRGINIA RESIDENTS’ PRIVACY RIGHTS

Virginia law provides Virginia residents with rights to access, delete, and correct certain “Personal Data” we collect about them, as well as to restrict the use of that Personal Data for targeted advertising, restrict the “sale” of that Personal Data, and control our use of Personal Data considered sensitive. If you are a Virginia resident, you also have a right not to receive discriminatory treatment for the exercise of your privacy rights.

The Virginia Consumer Data Protection Act defines “Personal Data” to mean “any information that is linked or reasonably linkable to an identified or identifiable natural person.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

You or your authorized agent may submit a request to exercise your access, deletion, and correction rights, to opt out of targeted advertising and the sale or sharing of Personal Data, or to set preferences regarding our use of sensitive Personal Data, by emailing us at yourprivacy@sagehospitalitygroup.com. If we deny your request, you have the right to appeal our decision. You can request further review by emailing us at the same email address.

ADDITIONAL INFORMATION REGARDING EEA, SWITZERLAND, AND UNITED KINGDOM RESIDENTS’ PRIVACY RIGHTS

The EU General Data Protection Regulation and the UK General Data Protection Regulation (collectively, “GDPR”) provide residents of the European Economic Area (EEA), United Kingdom, and Switzerland the rights to receive notice regarding the purposes for which your personal data are processed and the legal basis for our processing, the categories of recipients of your personal data, whether the personal data will be transferred outside these jurisdictions, and the criteria we use to determine how long to retain your personal data. You also have the right to receive notice about your rights. These rights apply to all residents of these locations, regardless of whether you are a customer, business contact, or member of the workforce. The GDPR defines “personal data” to mean “any information that is linked or reasonably linkable to an identified or identifiable natural person.” When we use the term “personal information” in our Privacy Policy, it includes personal data covered by this definition.

Right to be Informed

The general section of this Privacy Policy describes the types of personal information we collect, how we collect it, and how we use it in categories that are easy to understand. For information on our retention practices, please see “RETENTION OF PERSONAL INFORMATION” above.

Legal Basis for Processing

We rely on a variety of legal bases to process your personal data. We mainly process your personal data because it is necessary to perform our agreement to provide the Services to you or because the processing is necessary for our legitimate interests where those interests do not override your fundamental rights and freedoms related to data privacy. Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights. In limited circumstances, we may rely on other legal bases for processing your personal data, including when necessary to comply with a legal obligation or where you provide your consent for processing.

Cross-Border Transfers

Certain personal data may be transferred to and processed in the United States and other countries where we have facilities or in which we engage service providers. The laws in the United States regarding personal data may be different from the laws of your state or country. We implement appropriate safeguards to protect your personal data as required by relevant law, including supplemental measures, if we transfer your personal information outside of the EEA, UK, or Switzerland.

Right of Access, Right to Data Portability, Right to Request Correction, and Right to Request Deletion

You have the right to request that we:

· Give you access to, and a copy of your personal data we hold in our systems;

· Correct or update inaccurate or incomplete personal data we have about you; and

· Delete all or some of the personal data we have about you.

To submit a request to exercise your rights, please email us at yourprivacy@sagehospitalitygroup.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response. Please note that, to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to Object, Withdraw Consent, and Restrict Processing

You have the right to request that we:

· Stop using, and ensure that all third parties stop using, some or all of your personal data (e.g., if we no longer have a legal basis to process it); and

· Stop contacting you with promotional messages.

You can exercise these rights by emailing us at yourprivacy@sagehospitalitygroup.com.

Right to Opt Out of Automated Processing

You have the right to opt-out of automated processing where such processing would produce legal or other similarly significant effects. However, we do not use personal data of residents of the EEA, Switzerland, or the United Kingdom to make automated decisions about you that would have these effects.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority about our use of your personal data.

11. CHANGES TO OUR PRIVACY POLICY

As our Company and Services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

12. QUESTIONS

If you have any questions about this Privacy Policy, please contact us at yourprivacy@sagehospitalitygroup.com or call our toll-free privacy line at (883)-700-2444.