Privacy Statement
Introduction
This citizenM (“we”, “our” or “us”) Privacy Policy (“Policy”) applies to the processing by citizenM of personal information of (potential) guests, bookers and other customers (“Guests”) and visitors to our website, mobile application, and social media accounts and pages (“Visitors”). citizenM takes the privacy of its Guests and Visitors very seriously and treats their personal information with great care. citizenM acts in accordance with applicable data protection legislation. Your personal information is processed by or on behalf of:
citizenM Operations Holding B.V., a limited liability company registered under the laws of the Netherlands, having its statutory seat in Amsterdam, the Netherlands and its offices at Leidseweg 219, 2253 AE Voorschoten, the Netherlands. citizenM Operations Holding B.V. is registered with the Dutch Chamber of Commerce under registration number 34218994; and,
in the context of your stay or booking regarding one of our hotels, the entities operating the relevant citizenM branded hotel, whether owned or licensed by citizenM Operations B.V. and its wholly and partially owned affiliates (each hereinafter referred to as a “citizenM Hotel”). See the full list of our citizenM hotels, and the legal entities that operate these hotels type: asset-hyperlink id: 2MzSWbIQLkGQhXrSw8wkKL.
In the context of our hotel services and related products and services, citizenM Operations B.V. is the data controller and the point of contact for all your questions regarding the processing of your personal information.
2. information we collect and process
citizenM collects the personal information of its Guests and Visitors for specified, explicit purposes only and will not process this personal information in a manner that is incompatible with those purposes. In some instances, we must collect your personal information in order to enter into an agreement for services with you as a Guest. We process (e.g. collect, use, disclose, store) the personal information of our Guests and Visitors for the purposes of operations management, marketing, analytics, security management and legal and regulatory compliance, as defined below:
Operations management includes the normal business practices related to our day-to-day business activities including facilitating Guests’ stays, guest support and guest identification, enhancing the guest experience based on amongst other things the Guests’ known preferences, locker management, payment, planning and budgeting, financial reporting, resource management (e.g. assignment of meeting rooms, IT appliances), mergers & acquisitions including due diligences, audits or the establishment, exercising or defending against legal claims.
Marketing includes the sending of newsletters containing relevant information and offers about our hotels, products and services, through different information channels, such as e-mail, text and WhatsApp messages or our other (digital) channels. We may obtain your feedback through for instance customer surveys that give you the opportunity to influence the range of products and services we provide and we may also communicate personalised and relevant information and offers to you about our hotels, products and services. We may provide ad companies, such as Meta (Facebook, Instagram) and Google, with information that allows them to serve you with more useful and relevant citizenM-advertisements.
Analytics includes the processing of your personal information in anonymous, aggregated form for analytical purposes to improve our business operations, including our marketing activities, and enhance your experience in our hotels, to predict and anticipate future guest behavior, to develop statistics and commercial scores and to understand guest preferences. We may analyse the information we collect about you, for instance by dividing customers into different customer categories based on purchase patterns, behavior and interactions with us.
If you have a citizenM account, we may also analyse the information contained in your account profile for marketing and analytical purposes. If you do not have a citizenM account but wish to create an account, your personal information may be used to create your account and your previous reservations or data collected by cookies may be associated with your account. If you have created multiple accounts, we may combine those accounts for organizational, analytical, fraud prevention, data minimization and marketing purposes.
Legal and regulatory compliance includes the processing of any information that citizenM is required to retain based on a legal obligation or duty of care including administrative obligations based on applicable (tax) laws, governmental statistics requirements, etc.
Security management includes securing the company IT network and systems, company information, company premises, and our employees, Guests and Visitors and preventing fraud and non-payments and other illegal or infringing activities. Guests who have behaved inappropriately during their stay (e.g. aggressive and anti-social behavior, non-compliance with safety regulations, theft, damage and vandalism or payment incidents) may be added to our no-stay list and we may refuse their reservation if they return to our hotels.
Personal information will be processed only if such processing is based on any of the legal grounds listed in section 6(1) of the General Data Protection Regulation (“GDPR”), notably consent (e.g. for profiling), necessary for the performance of a contract, legitimate interest, or compliance with legal obligations. Where consent to the collection of personal information is revoked, we will stop processing the personal information. If consent is not required to process your personal information and you nevertheless don’t provide your personal information, we will not be able to process your reservation and / or you will not be able to make use of our services.
See Annex I for a detailed overview of the categories of personal information collected, the special personal information collected, the legal grounds for collection and the source of personal information collected.
Notice of Financial Incentive: Guests and Visitors may join our mycitizenM loyalty programmes at any time by registering on our website. By registering for our mycitizenM loyalty programmes, members receive discounts and perks exclusive to members only, including our best price guarantee on booking, rewards and full use of our mobile application. mycitizenM+ members also receive an extra discount on their bookings, a free late check-out and premium room views. Because our loyalty programmes involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. We collect personal information from our mycitizenM and our mycitizenM+ members as described within this Policy, including identifiers (name, email address, citizen and country of residence, phone number and account password), geolocation data, Internet and other similar electronic activity, and commercial information, such as your booking details. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the loyalty programme, less the expense related to offering those products, services, and benefits to program participants, including any membership fees. Our loyalty programme members can cancel their memberships at any time by contacting us at support@citizenm.com
3. sharing your information
We will never sell your personal information to third parties. However, we may share your personal information in a limited number of circumstances, including:
Third-Party Service Providers: We share personal information with third parties involved in the process of providing services to us or you or performing functions on our behalf (including payment processing). Those third parties are only permitted to use your personal information for the purpose for which it has been provided and may not disclose it to any other third party except at our express direction and in accordance with this Privacy Policy.
Legal & Regulatory Authorities: We may from time to time make your personal information available to legal and regulatory authorities, to our accountants, auditors, lawyers or similar professional advisers or to other third parties, when this is required by law, necessary to permit us to exercise our legal rights, to comply with our legal obligations, or necessary to take action regarding illegal activities or to protect the safety of any person.
Business Transitions: If all or part of our company is sold, merged or otherwise transferred, we may transfer your personal information as part of that transaction. We may also transfer your personal information to the owners of hotels managed by us.
Digital Advertising: Certain of our digital advertising activities may constitute a sharing for purposes of cross-context behavioral advertising, targeted advertising, or profiling under certain data privacy laws. Please see the following section regarding your right to opt-out of such activity.
Your choices & rights
4. your choices and rights
The following choices and rights with regards to your personal information are available to you:
Access Request Rights: You have the right to request that we provide to you the following information about our collection and use of your personal information:
The (categories of) personal information we have collected about you.
The categories of sources for the personal information we have collected about you. • Our business purpose for collecting that personal information.
The categories of third parties with whom we share or have shared that personal information.
The specific pieces of personal information we collected about you .
Information regarding any disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion, Rectification and Restriction Request Rights: You have the right to request that we delete, restrict or, if you believe that our processing of your personal information is incorrect or inaccurate, change any of the personal information collected from you and retained, subject to certain exceptions. Once your verifiable consumer request is confirmed, we will delete, restrict or change, as the case may be, and direct our service providers to delete, restrict or change your personal information. Your request to delete the personal information collected may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the GDPR or California Consumer Privacy Act, or other applicable law.
Data Portability Rights: In some cases, you may receive a copy of your personal information in a structured, commonly used and machinereadable format.
Right to Object: Where we process your personal information based on a “legitimate interest”, you may have the legal right to object to the processing of your personal information, on grounds relating to your particular situation.
Right to Revoke Consent: Where we process personal information based on your consent, you have the right to revoke such consent at any given time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Post-mortem Right to Privacy: You have the right to set instructions regarding the storage, deletion or communication of your personal information after your death.
Right to Complain: You have the legal right to lodge a complaint with the competent authority.
When handling any data access, erasure, or correction requests, we will first confirm the identity of the individual making the request or query and consider our obligations under applicable data protection laws and regulations. Such requests are usually provided free of charge; however, a reasonable fee may be applied to cover our administrative costs for requests that are manifestly unfounded, excessive or repetitive. We always aim to provide you with a response as soon as possible and as required under applicable laws. We will not discriminate against you for exercising any of these rights.
You have the right to have an authorized agent submit a request on your behalf. We may require that agents provide verification that they are acting on your behalf.
Do Not Track: Our website is not designed to respond to “do not track” requests from browsers.
Global Privacy Control: Where required by law, our website responds to the Global Privacy Control (“GPC”) signal and will treat such signals as requests to opt-out of sharing for the purposes of crosscontext behavioral advertising or targeted advertising. Note that if you use the GPC, your request to opt-out will apply only to the browser from which you submit the request.
“Shine the Light” and “Eraser” Laws: You may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
6. children
Our website is not directed to minors. citizenM does not knowingly solicit, collect, use or disclose personal information from children under 18 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 18, we will delete such information from our records.
7. our cookies policy
This section explains which cookies and similar techniques (hereafter simply referred to as “cookies”) we use on our website. citizenM makes use of functional and technical optimization cookies on its website in order to help the website function properly. In addition, if you consent to receive cookies on your device, citizenM uses first party and third-party analytics and marketing cookies. Visitors can withdraw their consent at any time by setting their browser to disable cookies or to remove all cookies from their browser.
Website Functionality and Optimization Cookies: We use cookies that are necessary to provide the requested service. For instance, technical cookies allow you to proceed through different pages of a website with a single login and they remember selections in shopping carts and (order) forms that are filled out on our website. We also use cookies to measure your behavior on our website to learn about the online experience of our website visitors and to improve our website. In doing so, we also collect the technical features of your terminal equipment and software used by you, such as the type of operating system, the browser settings, the installed plug-ins, the time zone and the screen size of your device.
Marketing Cookies: With your consent citizenM places marketing cookies and trackers on your device which help us advertise our products and services to you. The marketing cookies also enable us to provide you with relevant offers based on your online browsing, search and booking behaviour.
Cross-Site Tracking: With your consent, third parties can store tracking cookies on your device if you visit our website. Such cookies enable these third parties to track your online browsing behaviour across different websites (including the citizenM website). A common purpose of such tracking cookies is to provide you with targeted advertisements across the websites you visit. We do not control or influence the use by third parties of the information collected through these third-party cookies. Please read the privacy policies of these third parties to find out more about how they use cookies and process your personal information. Please note that we use Google Analytics and you can opt-out of Google Analytics by downloading Google’s Opt-Out Browser Add-on.
Social Media: With your consent, our website uses cookies to interact with social media platforms. These cookies are also used to optimize your experience of the social media websites. Please be aware that these cookies may also allow social media platforms to track your online behaviour for cross-site tracking purposes.
Withdrawal of Consent: You can withdraw your consent at any time by removing all cookies from your browser.
8. monitoring & audit
Compliance with this citizenM Privacy Policy will be monitored regularly. The data processing register will be updated promptly upon the implementation of a new data process. The completeness and accurateness of the data processing register will be verified regularly.
9. third party links
For practical reasons or for your information, our website may contain links to other websites, such as links to our profile pages on social media sites. We exercise no control over such other websites and are not responsible for the content thereon. This Privacy Policy does not apply to third-party websites, and we recommend that you review the online privacy policy of any website you visit to determine how the operator handles personal information collected through its site.
10. revisions to this global privacy policy
We have done our best to make sure that this Privacy Policy explains the way in which we process your personal information and rights you have in relation thereto. However, we may change this Privacy Policy from time to time to make sure it is still up to date. When necessary, we will alert you to these changes by posting a prominent notice on our website.
If you have any questions or comments about our Privacy Policy or would like to exercise any of your rights as outlined in this Policy, please email us at privacy@citizenm.com. Our Data Protection Officer can also be contacted at dpo@citizenm.com. You may also click here to use our online form.
If you are a U.S resident you may also contact us toll-free at + 1 (888) 34 34 752.If, as an EEA resident, you believe that we have not adequately resolved any such issues, you have the right to contact your EU supervisory authority.
In the Netherlands:
Autoriteit PersoonsgegevensP.O. Box 933742509 AJ the Hague, the Netherlands