Be part of the excitement!

Privacy Policy

How We Use Your Information

Updated January 1, 2020

LUMA Hotels ("LUMA" or "we". "us", or "our") located at 433 California Street, San Francisco, CA 94104, is committed to protecting your privacy. The information that you provide to LUMA is utilized in order for us to (among other things) provide you with the highest level of customer service reflective of the quality of our brand.

This Privacy Policy (“Policy”) applies to our offline and online data collection practices, including when you visit our website at www.lumahotels.com and any website owned, operated, or controlled by us (collectively the “Site”), visit or stay as a guest at LUMA, sign up for free Wi-Fi at LUMA, contact us regarding hosting corporate events, gatherings, weddings, or other special occasions at LUMA, contact us by phone or email, subscribe to our mailing lists or when you engage with us on social media.

This Policy is subject to our Terms of Use located at: https://lumahotels.com/privacy-policy . We may update this Policy from time to time, as specified in the “Changes to This Privacy Policy” section below.

California state law confers certain rights relating to personal information to its residents.  If you are a California resident, please also see our California Consumer Privacy Section in this Policy located below.

Your Consent

You should read this entire Policy before submitting information to us in any form or using our Site. Whenever you submit personal information to us, you consent to the collection, use, disclosure, transfer, and storage of that information in accordance with this Policy.

We may make full use of all information that is de-identified, aggregated, or otherwise not in personally identifiable form.

Information Collection and Use Of Information

We collect personal information about you in the following ways: 1) from you when you voluntarily submit information directly to us; 2) using automated technology, including when you visit our Site, social media, or properties or interact with our electronic advertisements or communications; and 3) using third party sources, including our service providers, analytics providers, through social media and other websites or services we interact with. Automated technology collects information from your computer or mobile device and includes cookies, web beacons, local shared objects, or other similar technology. More information is given below in the "Cookies and Other Technology" section below.

All personal information may be used for the purposes stated in this Policy.  We will retain your personal information for the period necessary to fulfill that purpose and as otherwise needed to comply with applicable law and internal company policies.

We may combine data collected from third party sources.

We collect, use, and disclose your personal information as described in the chart in Annex 1 below.

Our third-party providers are bound by confidentiality obligations and are restricted to only using the data to provide our business with applicable services.

Retention of Data

We will retain your personal information (collected through offline and online methods) for as long as it is necessary for the purposes described in this Policy. We will also retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Intended Audience of Websites; COPPA Compliance

We are in compliance with the requirements of the Children's Online Privacy Protection Act (“COPPA”).  We do not knowingly collect information from minors in the United States or elsewhere with or without the consent of their parents or guardians.  If you are not 16 or older, you should not visit or use our Site or social media accounts.  If you become aware that a child has provided us with personal information without appropriate consent, then please contact us using the details below so that we can take the appropriate steps in accordance with our legal obligations and this Policy.

Email Marketing

If you no longer wish to receive email marketing communications from us, you may opt-out of receiving marketing-related emails by using the unsubscribe method provided in our communications (e.g., by clicking on the “unsubscribe” link in the email to unsubscribe). Please note that unsubscribing from our promotional material will not prevent us from contacting you for other reasons, such as order confirmations, responses to customer service inquiries, or information about an event for which you have registered.

Security

For your security, our web-based ordering system utilizes the most up-to-date Secure Socket Layer (SSL) technology. This software ensures that all sales transaction information is transferred safely via encrypted methods.

All orders placed on the Site require a credit card. Upon submitting an order, all credit card numbers are transmitted via secure and encrypted methods. If desired, credit card numbers can be kept on file for future purchases. For your security, these credit card numbers are stored in secure, encrypted databases.

The transmission of information via the internet is not completely secure. Although we strive to protect your personal information in accordance with this Policy, we will not be liable for disclosure of personal information obtained due to errors in transmission or security breaches.

Cookies and Other Technology

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.

To find more information about cookies please visit www.allaboutcookies.org.  Most browsers are initially set to allow cookies, but also offer the option to restrict cookies or warn you of their use.  By disabling cookies, you won’t be able to enjoy the convenience provided by our customization.

THIRD PARTY ADVERTISING AND ANALYTICS DISCLAIMER

We and/or third parties including third-party advertising companies and service providers on our behalf, may use cookies, web beacons and other similar technology, to collect information from you such as your activities on the Site for the purposes described in this Policy including analytics, targeted advertising, monitoring performance, and improvement of our Site (traffic, errors, page load time, popular pages, etc.)

Examples of our third-party service providers to help deliver our services or to connect to our services include:Google Analytics:

We use Google Analytics to understand how our website, services, and products perform and how you use them. To learn more about how Google processes your data, please visit https://policies.google.com/privacy. To opt out of Google Analytics please visit https://tools.google.com/dlpage/gaoptout.

Remarketing Services: We use remarketing services to inform, optimize, and serve ads on third-party websites to you based on your use of our Site and social media. For more information regarding targeted advertising and to learn about your own choices in connection with it, please visit http://www.aboutads.info/choices. If you choose to opt out, you will continue to receive advertisements but they will not be tailored to your interests.

Facebook: We use Facebook to advertise and market our services to you. To learn more about how Facebook uses your data please visit https://www.facebook.com/help/325807937506242/ or log on to your Facebook account and access your settings. To understand more about Facebook advertising please see here https://www.facebook.com/about/ads.

This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

External Links

We may make available third party applications through our Site and social media applications for your use,  Links to such applications, any other websites included in this Site or links on our social media accounts operate with privacy policies beyond our control.  Unless otherwise indicated, once you have left our Site or our social media account, all use of information you provide is governed by the privacy policy of the other website’s or social media account's operators.  We are not responsible for any transactions that occur between you and a third-party website or social media account.

USER-GENERATED CONTENT

By tagging your post with the hashtag #yesluma, you are agreeing to the following:

User Content
As between you and us, you own all content and information you post or share using the Site (referred to as "User Content"), such as posting or sharing comments, photos, and videos. You give LUMA Hotel Times Square permission to use your User Content as follows: you grant to LUMA Hotel Times Square and its affiliates a license to reproduce, display, perform, distribute, and otherwise use your User Content in connection with the Site and for other LUMA Hotel Times Square marketing purposes, including without limitation in LUMA Hotel Times Square email, social media and other customer communications, sales materials, and other marketing. We may display advertisements in connection with your User Content or on pages where your User Content may be viewed by you or others, and we may use your User Content to advertise and promote LUMA Hotel Times Square or the Site. Our license to your User Content is non-exclusive, meaning you may use the User Content for your own purposes or let others use your User Content for their purposes. Our license to your User Content is fully paid and royalty free, meaning we do not owe you anything else in connection with our use of your User Content. We may exercise our rights anywhere in the world. Finally, our license is perpetual, meaning that our license lasts for an indefinite period of time. 

You promise that:
You own all rights to your User Content or, alternatively, that you have the right to give LUMA Hotel Times Square the rights described above; you have paid and will pay in full any fees or other payments that may be related to the use of your User Content; and your User Content does not infringe the intellectual property rights, privacy rights, publicity rights, or other legal rights of any third party. We may refuse to accept or transmit User Content for any reason. We may remove User Content from the Site for any reason. 

Contact Us

If you have any questions or concerns about this Policy, please contact us at [email protected]

CALIFORNIA CONSUMERS ONLY:  Your California Privacy Rights

The purpose of this section is to inform California residents from whom we may collect personal information about certain rights California affords to its residents with respect to personal information.

RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, DISCLOSED OR SOLD

You have the right to request that we disclose to you the following information about personal information we collect from you:

  • categories of personal information collected;
  • categories of sources of personal information collected;
  • the business or commercial purpose for collecting or selling personal information;
  • the categories of third parties with whom we share personal information; and
  • the specific pieces of personal information we have collected about you over the past 12 months.

You also have a right to know if we have sold or disclosed your personal information for a business purpose over the past 12 months and, if so, the categories of personal information sold or disclosed and the categories of third parties to whom the personal information was sold or disclosed, along with the business or commercial purpose for which the personal information was sold or disclosed.

Requests to Know

To make a request for any of the information set forth above (a “Request to Know”), please submit a verifiable consumer request pursuant to the instructions below.  You may only make a Request to Know twice within a 12-month period.  We will acknowledge your Request to Know within 10 days and will attempt to respond substantively within 45-90 days.

The Request to Know must provide sufficient information to allow us to verify that you are the person about whom the personal information was collected, sold or disclosed and must contain sufficient detail to allow us to properly understand, evaluate and respond to your request.  If we cannot verify your identity, we will not be able to respond to your request.

You can make a Request to Know the personal information we have about you in the following ways:

  • You may make a request here: [email protected]
  • You may also make a request by phone by contacting us at 212-730-0099.

Once we receive your Request to Know, we will begin the process to verify that you are the person that is the subject of the request (the “Verification Process”).  The Verification Process consists of matching identifying information provided by you with the information we have about you in our records. You will be asked to provide us with two or three pieces of information that will help us to verify your identification.

Information Collected

Within the past 12 months, we have collected the  categories of personal information about California consumers as described in this Policy in the section labelled “Information Collection and Use of Information.

Information Sold or Disclosed

We have not sold any personal information to third parties for a business or commercial purpose in the preceding 12 months.

We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding 12 months 

  • Personal Identifiers
  • Commercial Information
  • Internet/Network Activity
  • Biometric Information

We do not sell the personal information of individuals under 21 years of age without affirmative authorization.

RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

You have the right to request the deletion of your personal information collected or maintained by us (“Request to Delete”), subject to certain exceptions permitted by law.

To make a Request to Delete, please submit a verifiable consumer request pursuant to the instructions below. You may only make a Request to Delete twice within a 12-month period.  We will acknowledge your Request to Delete within 10 days and will attempt to respond substantively within 45-90 days.

The Request to Delete must provide sufficient information to allow us to verify that you are the person about whom the personal information was collected, sold or disclosed and must contain sufficient detail to allow us to properly understand, evaluate and respond to your request.  If we cannot verify your identity, we will not be able to respond to your request. Additionally, as permitted by law, if the information requested to be deleted is necessary for us to maintain, we will not be able to comply with your request.  We will notify you if this is the case.

A Request to Delete requires two steps: 1) making the Request to Delete and 2) confirming that you want your information to be deleted.
You can make a Request to Delete in the following ways:

  • You may make a request here – [email protected]
  • You may also make a request by phone by contacting us at 212-730-0099.

Once we receive your initial request to delete and your separate confirmation to delete, we will need to verify that you are the person that is the subject of the request (the “Verification Process”). The Verification Process consists of matching identifying information provided by you with the information we have about you in our records. 

Depending on the sensitivity of the personal information you are requesting to delete, we may need to match two or three pieces of identifying information from your request with information our records.  If your request to delete involves deleting very sensitive information, we may also need a signed declaration stating that you are the consumer whose personal information is the subject of the request.

We will retain correspondence, documents and information related to any Request to Know, Request to Delete, or Request to Opt-Out for 24 months  as required by law.

RIGHT TO OPT-OUT OF SALE OF PERSONAL INFORMATION

You have the right to opt-out of the sale of your personal information.  We do not and will not sell your personal information.  If this changes in the future, we will provide you with required notice and the right opt out.

RIGHT TO NON-DISCRIMINATION FOR EXERCISING CONSUMER PRIVACY RIGHTS

You have the right not to receive discriminatory treatment for exercising your privacy rights conferred by the California Consumer Privacy Act, including by exercising the rights specified herein.

AUTHORIZED AGENT INFORMATION

You may designate an authorized agent to make a request on your behalf under the California Consumer Privacy Act.

In order to allow an authorized agent to make a request on your behalf, please email us at  [email protected] to provide your written request and consent to an authorized agent.

When your authorized agent makes a request related to your personal information, we will require the agent to provide the above written permission.  We may also require that you verify your own identity directly with us at the time such a request is made..

California Do Not Track Notice:

Because there are not yet common, industry accepted “do not track” standards and systems, our website does not respond to Do Not Track signals.  In addition, we may allow third parties to collect personal information from your activity on our website, as described in the “Information Collection and Use” section above and described in Annex 1 below.

CONTACT FOR MORE INFORMATION

For information and questions about the use of your personal information or this California Consumer Privacy Section or your rights under California law, you may contact us at [email protected].

Changes to This Privacy Policy

This  Policy may be revised from time to time for any reason.  If this  Policy changes, the revised policy will include a new effective date, and we will notify you of such changes by posting the revised policy on this page.  Be sure to check the Policy whenever you submit personal information to us.

Annex 1

(Collections, Use and Disclosure of Personal Information)

Types of information we collect

You when you visit our Site (including your online activities on our Site), make hotel accommodations using our Site or via phone, register as a LUMA hotel member, make an inquiry about hosting an event at LUMA (through our Site, in person, or by phone), sign up for free Wi-Fi at LUMA, host an event at LUMA, otherwise volunteer your information to us, enter a promotion or competition conducted by us including dropping your business card, engage with us on social media, or otherwise interact with us through posting content on our Site, or communicate with us via phone (including text) or email. 

We may also collect information from third-party sources, such as Expedia, travel agencies, third-party service providers, opt-in lists, publicly available data, consumer reporting agencies, other companies and referrals

Your computer or mobile device, through your online activities and interactions with us, including, without limitation, your use of our services, your online activity on our Site, and on our social media channels or through our third-party sources. 

Third-party sources such as Expedia, third-party service providers, travel agencies, opt-in lists, publicly available data, consumer reporting agencies, other companies and referrals

Your in-person visit to our property, including but not limited to our restaurants, hotel bars, lobby, parking lot, conference rooms allotted for events and meetings, and other general areas. 

Category and Types of Information we collect

Personal Identifiers - name, signature, mailing address, telephone number, email address, date of birth, credit card information, location.

Commercial Information -services such as reservations for stay and events purchased, obtained, considered, reviewed or other purchasing or consuming habits

Internet/Network Activity - IP address, your device information, domain name, browsers you used to access our Site and services, webpages viewed, time spent on webpages, links clicks, transactions entered into and site-navigation patterns

Biometric Information -Photographs, video, face, voice, iris, retina, gait pattern.

How we use it

To make and fulfill guest reservations, send you communications regarding your reservations – including confirmation and receipt, communicate with you during your stay, provide customer service and support, respond to your request for proposals regarding hosting events at LUMA, follow up with you after you have communicated with us or submitted information to us regarding your stay or your request for a proposal; 

To improve our business operations, property, services including event hosting offerings, Site, and social media;

To provide you with a customized user experience;
 
To send promotional communications or marketing offers (unless you have requested that we not send such communications); 

For marketing, research, legal, and other business purposes; 

To comply with our policies, procedures, and legal obligations, including complying with law enforcement or governmental authority requests, investigating fraudulent activity, resolving disputes, and enforcing our legal agreements and policies.  
Analyze and track usage of our services including our Site and social media accounts;

Determine the popularity of our property, Site, and other related services including but not limited to event hosting;

Better understand how you use our Site and services;

Develop new service offerings; 

Enhance, modify, or improve our Site, services, and products;

Provide you with a customized guest experience and present offers tailored to your personal preferences;

To send promotional communications or offers including invitations to events, taking surveys, and participating in promotions (unless you have requested that we not send such communications); 

For other marketing, research, legal, and other business purposes; 

To comply with our policies, procedures, and legal obligations, including complying with law enforcement or governmental authority requests, investigating fraudulent activity, resolving disputes, and enforcing our legal agreements and policies.
To maintain and preserve the security and safety of our guests, employees, premises, and property;

Improve our premises and your customer experience; and

To comply with our policies, procedures, and legal obligations, including complying with law enforcement or governmental authority requests, investigating fraudulent activity, resolving disputes, and enforcing our legal agreements and policies.

Third parties with home we may share this information

Consultants, service providers, and contractors that we use to support our business and operations (e.g. Expedia, vendors hosting or operating our Site, entities that deliver marketing messages and advertisements, and fraud detection service providers, entities that provide event based services such as catering) who have agreed to keep the information confidential and use it only to provide the applicable services; 

Third party payment processors, including in connection with transactions where we require credit or debit card account information such as credit or payment card account information (including card number, expiration date, and security code); 

Third party companies we work with who help to gather information from you or help us to communicate with you, entities that assist with data analytics, analyzing Site metrics, advertising and behavioral remarketing, as explained further below; 

Third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests; 

An acquirer or successor-in-interest in the event of a reorganization, merger, sale, change of control, consolidation, joint venture, assignment, transfer or other disposition of all or any part of LUMA or its affiliates including any negotiation thereof; and

Third-party sponsors of contests, sweepstakes, discounts, and promotions that you enter into.
Consultants, service providers, and contractors that we use to support our business and operations; 

Third party companies we work with who help to gather information from you or help us to communicate with you, including for purposes of data analytics or behavior remarketing, as explained further below; and

Third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests;

An acquirer or successor-in-interest in the event of a reorganization, merger, sale, change of control, consolidation, joint venture, assignment, transfer or other disposition of all or any part of LUMA or its affiliates including any negotiation thereof.
Third party service providers such as security services, vendors hosting our data, etc.

Third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests.

Be part of the excitement!