Privacy

Print

STANDARD INTERNATIONAL
GLOBAL PRIVACY POLICY

Last Updated: August 24, 2021

Standard International Management, LLC, Standard Asia Co., Ltd. and each of their affiliates (“The Standard”, “we”, “our”, or “us”) recognize the importance of protecting the personal information we may collect from guests, visitors and any other individual or entity (“Users”, “you”, or “your”).

This Privacy Policy applies to data collection and privacy practices of The Standard and when we collect personal information through your use of The Standard website, www.standardhotels.com, and any of our other related sites, software and applications accessible on or by any domain owned by us (including any translations of the same, the “Site” or “Sites”), through our social media pages or mobile applications that we control, through email messages that we may send to you, and when you visit or stay as a guest at one of our properties or purchase related services (collectively, the “Services”).  Please note that this Privacy Policy excludes services that state that they are offered under a different privacy policy.

For residents of California, please see “PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA“ below.

IF YOU WISH TO EXERCISE YOUR RIGHTS UNDER APPLICABLE DATA PRIVACY LAWS, PLEASE EMAIL DPO@STANDARDHOTELS.COM OR SUBMIT A REQUEST HERE AND READ BELOW FOR MORE INFORMATION.

This Privacy Policy covers the following topics:

When this Privacy Policy Applies

Website Terms of Use

Information We Collect

How We Obtain Personal Information

Cookies and Similar Technologies

How We Use Personal Information We Collect

Our Legal Basis for Collecting Personal Information

Sharing Personal Information

International Transfer

Your Privacy Choices

PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA

Information Collected Related to California Residents

Use and Disclosure of Information Collected Related to California Residents

“Sale” of Personal Information

Direct Marketing

Privacy Rights Specific to California Residents

Privacy Rights Specific to Certain Residents of Europe

Privacy Rights Specific to Certain Residents of Thailand

OTHER IMPORTANT INFORMATION

Your Failure to Provide Personal Information

Our Retention of Your Personal Information

How We Protect Personal Information

Your Marketing Choices

Links to Other Websites

Children’s Privacy

Privacy Policy Modifications

How to Contact Us

Please familiarize yourself with our privacy practices. As one of our guests or as a visitor using the Sites or Services, you understand and agree that we collect, use and disclose your Personal Information in accordance with this Privacy Policy and applicable data privacy laws. 

By accessing or using the Sites or Services in any manner, you agree to the terms and conditions in this Privacy Policy.  If you have any questions or comments about this Privacy Policy, please contact us at DPO@standardhotels.com.

 

When this Privacy Policy Applies

Our Privacy Policy applies to all of the Services offered by The Standard to our guests and other individuals who visit our properties, use our Services or use our Sites, including contact persons and/or authorized representatives of our corporate clients, suppliers or vendors and/or prospective clients, suppliers or vendors. Our Privacy Policy is intended to describe our data collection practices globally and applies unless there is a specific country privacy policy which applies to you or to the location where you are staying or visiting as a guest. However, because the data protection and privacy laws in some jurisdictions where our hotels and Services are located may restrict our data collection and processing practices, our practices may be more restrictive subject to local laws. 

Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you, or other sites linked from our Sites or Services. For example, this Privacy Policy does not apply to our processing of your Personal Information on behalf of third parties such as companies that offer packaged travel arrangements. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

Website Terms of Use

By accessing or using the Sites or Services in any manner, you also agree to be bound by our Terms of Use (the “Terms”) available at https://www.standardhotels.com/legal. Please read the Terms carefully. If you do not accept all of the terms and conditions contained in or incorporated by reference into the Terms, please do not use the Sites or Services.

Information We Collect

We collect information, including Personal Information, to provide better Services to all our guests and visitors. We use the term “Personal Information” to refer to any information that identifies or can be used to identify you, whether directly or indirectly, such as your name, email address, payment data and the information described below.

 

The Personal Information which we collect includes, but is not limited to, the following circumstances and data elements:

If you provide us or our service providers with any Personal Information relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Privacy Policy. If you believe that your Personal Information has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Information, please contact us by using the information set out in the “How to Contact Us” section below.

How We Obtain Personal Information

We obtain the categories of Personal Information listed above from the following categories of sources:

Cookies and Similar Technologies

We and our partners use various technologies to collect and store information when you visit one of our Sites or Services, and this may include using cookies or similar technologies to identify your browser or device. We may also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third-party advertising and analytics partners include Google and similar partners.

The technologies we use for this automatic data collection may include:

How We Use Personal Information We Collect

We use your Personal Information in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes:

We and our service providers may use IP addresses to understand the locations from which our guests and visitors are accessing the Services.  Except where prohibited by applicable law or regulation, we may combine information collected through one source with information obtained through other resources. We also may supplement the information we collect with information obtained from third parties. We will treat any information that we combine with your personal information as Personal Information pursuant to this Privacy Policy.

We may use your Personal Information in furtherance of our legitimate interest to provide you with the Services offered by us. We may also use your information to manage our contractual relationship with you, to proceed with your request to entering into a contractual relationship with us, or to comply with our legal obligations.

To the extent we rely on consent for the processing of your Personal Information, we will seek such consent at the time we collect your Personal Information. We may also use the Personal Information we obtain about you in other ways for which we provide specific notice at the time of collection.

Our Legal Basis for Collecting Personal Information

Whenever we collect Personal Information from you, we may do so on the following legal bases:

  1. Your consent to such collection and use;
  2. Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
  3. Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Information is necessary for:
    • Intra-organization transfers for administrative purposes;
    • Product development and enhancement, where the processing enables The Standard to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our visitors and guests, and to better understand how people interact with our Sites and Services;
    • Fraud detection and prevention;
    • Enhancement of our cybersecurity, including improving the security of our network and information systems; and
    • General business operations and diligence.
  4. When we need to comply with our legal obligations under applicable laws, rules or regulations, including without limitation, to the order of governmental authorities or courts.

Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.

Sharing Personal Information

We disclose your Personal Information for a business purpose to the following categories of third parties:

We may disclose your Personal Information for legal reasons. Specifically, we will share Personal Information with companies, organizations or individuals outside of The Standard, including legal advisors, consultants, insurers and insurance brokers, governmental authorities, arbitration institutions and courts if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

We attempt to notify visitors and guests about legal demands for their Personal Information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we have no obligation to do so.

International Transfer

We have centralized some of our data processing activities and, as a result, we may, directly or indirectly through our organization and affiliates, and through third-party entities around the world, process, store, and transfer the information you provide, including your Personal Information, as described in this Privacy Policy and in accordance with applicable data privacy laws.

Specifically, such information and Personal Information may be transferred to, and stored at, a location outside of your jurisdiction, such as the United States or the location of the hotel where you are staying. The jurisdiction where your Personal Information will be processed may or may not have laws that seek to preserve the privacy of Personal Information. Your Personal Information may also be processed by staff operating outside of your jurisdiction who work for us or for one of the organizations outlined in this Privacy Policy in connection with the activities outlined in this Privacy Policy.

By submitting your Personal Information using the Sites or Services, you understand and agree to this transfer, storing or processing. As described below in “How We Protect Personal Information“, we have put in place commercially reasonable technical and organizational procedures to safeguard the treatment of information and Personal Information, in accordance with applicable law.

Your Privacy Choices

You may have certain rights relating to your Personal Information under local data privacy and protection laws. Subject to applicable law, you may make requests regarding your Personal Information, such as deleting your Personal Information, correcting your Personal Information, and obtaining a copy of your Personal Information.

To make such a request, please email DPO@standardhotels.com or submit a request here, or write us at the address indicated in “How to Contact Us” below.  To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.

For California residents, please see Privacy Rights Specific to California Residents below.

For residents of the European Union, United Kingdom and Switzerland, please see Privacy Rights Specific to Certain Residents of Europe below.

For residents of Thailand, please see Privacy Rights Specific to Certain Residents of Thailand below.

When permitted by law, we may charge an appropriate fee to cover the costs of responding to your request and refuse to comply with requests that are clearly unfounded, repetitive or excessive. 

PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing California residents with the following additional information regarding the categories of their Personal Information that we have collected or disclosed in the previous twelve months:

Information Collected Related to California Residents

We collect the following categories of Personal Information:

Category of Personal Information

Examples

A. Identifiers.

First and last name, postal address, unique personal identifier, online identifier.

B. Personal information categories defined in California safeguards law.

Name, address, telephone number, financial information.

C. Characteristics of protected classifications under federal and California law

Gender, age, citizenship, national origin, marital status, medical conditions, primary language.

D. Commercial information.

Records of products or services purchased, obtained, or considered, financial details, purchasing or consuming histories or tendencies.

 

From time-to-time we may also collect the following categories of Personal Information:

 

Category of Personal Information

Examples

E. Internet or other similar network activity.

Interaction with the Sites.

F. Geolocation Data

Device location, IP location.

G. Sensory data.

Audio, electronic, visual or similar information recorded in connection with our business activities.

H. Inferences drawn from other personal information.

Profile reflecting a person's preferences, behavior, and attitudes.

Use and Disclosure of Information Collected Related to California Residents

The Standard may use your Personal Information for the purposes described above in “How We Use Personal Information We Collect”, and may disclose your Personal Information to third-party commercial providers for a legitimate business purpose, which include, for example, verifying your identity when making a payment. When we disclose Personal Information for these reasons, the provider is generally required both to keep that Personal Information confidential and not use it for any purpose except for the purposes set forth in the contract with such provider.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:

  1. Identifiers, such first and last name, postal address, unique personal identifier, online identifier;
  2. Personal information categories defined in California safeguards law, such as name, address, telephone number, financial information;
  3. Characteristics of protected classifications under federal and California law, such as gender, age, citizenship, national origin, marital status, medical conditions, primary language;
  4. Commercial information, such as records of products or services purchased, obtained, or considered, financial details, purchasing or consuming histories or tendencies;
  5. Internet or other network activity information, such as interaction with the Sites;
  6. Geolocation data, such a device location, IP location;
  7. Sensory data, such as audio, electronic, visual or similar information recorded in connection with our business activities;
  8. Inferences drawn from other personal information, such as a profile reflecting a person's preferences, behavior, and attitudes.

“Sale” of Personal Information

As described above, we have disclosed your Personal Information to third parties in connection with providing you with certain Services and for other business purposes.  Under the broad definition of what constitutes a “sale” under CCPA, such disclosure may constitute a “sale” of your Personal Information. 

Direct Marketing

California residents are entitled to contact us to request information about whether we have disclosed Personal Information to third parties for the third parties’ direct marketing purposes and may choose to opt-out of the sharing of Personal Information with third parties for direct marketing purposes by (a) sending an email to DPO@standardhotels.com with the subject heading “California Privacy Rights,” (b) submitting a request here or (c) sending a letter addressed to Standard International, Attention: DPO/Legal, 23 East 4th Street, 5th Floor, New York, NY 10003.  In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response.  We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph. 

Privacy Rights Specific to California Residents

Under the CCPA, California residents have specific rights regarding their personal information. This section describes Californians’ rights and explains how California residents can exercise those rights.

If you are a California resident who chooses to exercise your rights, you can:

  1. Submit a request via email to DPO@standardhotels.com, or
  2. Submit a request here, or 
  3. Call (212) 965-4309 to submit your request.

You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.

Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.

We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. 

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  3. Debug products to identify and repair errors that impair existing intended functionality;
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  5. Comply with the California Electronic Communications Privacy Act;
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  8. Comply with a legal obligation; or
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Privacy Rights Specific to Certain Residents of Europe

The European Union’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide residents of the EU, United Kingdom and Switzerland with certain rights in connection with Personal Information you have shared with us. If you are such a resident, you may have the following rights:

You may exercise any of the rights described in this section by sending an email to DPO@standardhotels.com or by submitting a request here. Please note that we may ask you to verify your identity and request before taking further action on your request. We may respond to your request by letter, email, telephone or any other suitable method.  

GDPR Representative

Osano International Compliance Services Limited

ATTN: PGX4

25/28 North Wall Quay

Dublin 1, D01 H104

IRELAND

Privacy Rights Specific to Certain Residents of Thailand

Subject to limitations and conditions of applicable law, you are entitled to the following rights to your Personal Information: 

(a) Request to have access to and obtain a copy of your Personal Information, and to request the disclosure of the source of the Personal Information, in the event that your Personal Information was collected without your consent; 

(b) To request to obtain your Personal Information in a format which is generally readable or usable by automatic tool or device, if any, and to request that your Personal Information in such format be transmitted to another data controller; 

(c) request that your Personal Information be deleted, destructed or de-identified where: (i) your Personal Information is no longer necessary for the purpose of which your Personal Information has been collected, used or disclosed; (ii) you have withdrawn your consent and we do not have any other legal authorization to continue to collect, use or disclose your Personal Information; (iii) you have exercised the right to object; or (iv) your Personal Information has been unlawfully collected, used or disclosed; 

(d) object to the collection, use or disclosure of your Personal Information in particular circumstances, including, without limitation, where your Personal Information is processed by relying on legitimate interest as a legal basis, or where your Personal Information is processed for the direct marketing purpose; 

(e) request that the processing of your Personal Information be suspended where: (i) you have requested to exercise the right to correction and such request is under examination; (ii) your Personal Information has been unlawfully collected, used or disclosed, but you do not want to have it deleted or destructed; (iii) your Personal Information is no longer necessary, but you would like to have it retained for the purpose of establishing, complying, exercising or defending a legal claim; or (iv) you have requested to exercise the right to objection and such request is under examination;

(f) Request that your Personal Information be corrected, updated, or completed; 

(g) Withdraw your consent at any time, provided that there is no other legal ground for us to continue with the processing of your Personal Information (if applicable); and

(h) Lodge complaints to the competent authority. 

You may exercise any of the rights described in this section by sending an email to DPO@standardhotels.com or by submitting a request here. Please note that we may ask you to verify your identity and request before taking further action on your request. We may respond to your request by letter, email, telephone or any other suitable method. 

OTHER IMPORTANT INFORMATION

 

Your Failure to Provide Personal Information

Your provision of Personal Information is required in order to use certain Services and programs.  In some instances, if you fail to provide such Personal Information, you may not be able to access and use our Services, or parts of our Services. In addition, we may not be able to perform our contractual obligation, either in whole or in part, or to proceed with you request to entering into a contractual relationship with us, as the case may be.  Moreover, where our processing of your Personal Information is based on legal obligation, failure to provide your Personal Information under such circumstance may result in your and/or our violation of applicable law or regulations. 

Our Retention of Your Personal Information

We use and retain your Personal Information for as long as necessary to fulfill the purpose for which it is being processed, to carry out legitimate business interests, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). 

After expiry of the applicable retention periods, your Personal Information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

How We Protect Personal Information

The Standard maintains commercially reasonable technical and organizational safeguards designed to protect the User's Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. For example, we and/or our service providers use commercially reasonable security measures such as encryption, firewalls, Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect Personal Information.  

Although we take reasonable steps designed to protect your Personal Information, please be advised that no security system or means of transmitting data over the Internet can be guaranteed to be entirely secure (including without limitation with respect to computer viruses, malicious software and hacker attacks).  We cannot and do not guarantee or warrant the security of your Personal Information or any other information you disclose or transmit to us.  We are not responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied or otherwise, that we will prevent such access, and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of Personal Information that may affect you so that you can take the appropriate actions.

For your own privacy protection, we urge you to keep all passwords confidential.  We also recommend that you do not include sensitive information such as passwords, social security numbers or payment information, in any emails that you send to us. If you become aware of any breach of the terms of this Privacy Policy or of the security of the Services, please notify us by email at DPO@standardhotels.com.

Your Marketing Choices

You may have certain choices when it comes to how we use your data and we want to provide you with information to make the choices that are right for you.

Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service-related notices. 

Links to Other Websites

The Sites or Services may contain links to webpages operated by parties other than The Standard. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, you access linked sites at your own risk and, by accessing them, you are leaving the Sites, and you understand it is up to the User to take precautions to ensure that whatever links the User selects or software the User downloads (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which the User will be subject to upon linking to the third party’s website. The Standard strongly recommends that each User review the third party’s terms and policies.

If you have any questions about the privacy practices of other websites, you should contact the relevant parties controlling these websites for more information.

Children’s Privacy

The Sites and Services are not designed or intended to be used by anyone under the age of 18. If you are under the age of 18 (or an age that is considered a minor in the jurisdiction in which you are accessing our Sites or Services), please do not use the Sites or Services, make reservations or other purchases via the Services, use any interactive features of the Services, or post any Personal Information to our Sites or submit any Personal Information via the Services. We do not knowingly or intentionally gather Personal information about children.  If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child, please contact us DPO@standardhotels.com. If we learn that we have inadvertently collected the Personal Information of a child, we will take steps to delete the information as soon as possible and cease the use of that information in accordance with applicable law. 

Privacy Policy Modifications

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page and will keep prior versions of this Privacy Policy in an archive for your review upon request to DPO@standardhotels.com. We will inform you if we make substantial changes to this Privacy Policy, and if required by applicable law or regulation, obtain your consent prior to such changes become effective. 

How to Contact Us

If you have any questions, comments or concerns about this Privacy Policy, or if you would like to exercise your rights discussed above, please contact us:

Via e-mail: DPO@standardhotels.com

By submitting a request here (only for exercising rights under applicable data privacy laws) 

By writing to us:

Standard International Management, LLC
Attn: DPO/Legal
23 East 4th Street, 5th Floor
New York, NY 10003
USA

Standard Asia Co., Ltd.
Attention:  DPO/Legal
59 Soi Rim Khlong Phra Khanong, 
Phra Khanong Nuea, 
Vadhana, Bangkok 10110 
Thailand

Book Now