Marriott Group Privacy Statement for the Collection of Non-Employee and Non-Guest Personal Data

Last Updated: December 26, 2020

1. Introduction

The Marriott Group, which includes Marriott International, Inc. and its affiliates (“Marriott,” “we,” “our”), is committed to protecting the Personal Data it collects, stores and uses. This Privacy Statement covers Personal Data of individuals other than Marriott Associates, such as contractors, consultants, Franchise Hotel employees, and non-guests (“you,” “your”). For avoidance of doubt the Personal Data of Marriott Associates is covered by the Associate Personal Data Privacy Statement Opens in a new browser window, and the Personal Data of guests is covered by the Marriott Group Global Privacy Statement, and not this Statement.

2. Purpose

The collection and use of your Personal Data enables Marriott to engage in business planning and operational processes, such as project implementation, providing training, and administering discount programs to others besides Marriott Associates and guests.

3. What Data About Marriott Collects, Uses, Transfers and Shares, and Why

Marriott may have collected or will collect information about you and your relationship with Marriott and, in certain cases, about those to whom room rates and food and beverage discounts are offered. Marriott refers to such data as “Personal Data.” For more specific information regarding the Personal Data about you that Marriott may collect, use, transfer, and share, and the purposes for which it may be collected, used, transferred, and shared, please see the end of this Statement. Marriott will not use Personal Data for any purpose incompatible with the purposes described in this Statement, unless it is required or authorized by law, authorized by you, or is in your own vital interest (e.g., in the case of a medical emergency).

With the exception of certain data that is required by law, or is necessary or important to the performance of our business, your decision to provide Personal Data to Marriott is voluntary. However, if you do not provide certain required data, Marriott may not be able to accomplish some of the purposes outlined in this Statement.

4. Access to Personal Data

Access to Personal Data within Marriott will be limited to personnel with a business need to access Personal Data for the purposes described at the end of this Statement, and may include Marriott personnel in Human Resources, Information Technology, Compliance, Legal, Finance and Accounting, and Internal Audit. Occasionally, Marriott may also need to make Personal Data available to owners of the Marriott Group branded properties that we manage or other, unaffiliated, third party service providers.

Third party service providers and owners are expected to protect the confidentiality and security of Personal Data, and only use Personal Data for the provision of services to Marriott, or in accordance with agreements, and in compliance with applicable law.

5. Security

Marriott will take appropriate measures to protect Personal Data, consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Data.

6. Data Integrity and Retention

Marriott will take appropriate measures to protect Personal Data, consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Data.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you
  • Whether there is a legal obligation to which we are subject
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

7. Access, Correction, and Deletion Requests and Questions

Please contact privacy@marriott.com if you have any questions or concerns about how Marriott processes Personal Data; if you wish to request access, correction, suppression, or deletion of your Personal Data; if you wish to request that Marriott cease using your Personal Data; or if you would like to request an electronic copy of your Personal Data for purposes of transmitting it to another company. Marriott will respond consistent with applicable law. Please note, however, that certain Personal Data may be exempt from these requests pursuant to applicable data protection laws or other laws and regulations.

8. Your Obligations

Please keep Personal Data current and inform us of any significant changes to Personal Data. You agree to inform others whose Personal Data you provide to Marriott about the content of this Statement, and to obtain their consent (provided they are legally competent to give consent) for the use (including transfer and disclosure) of that Personal Data by Marriott as set out in this Statement, or as required by applicable law.

9. Reasons and Basis for Collection, Use, Transfer and Disclosure

Marriott collects and processes data about you: (i) because such data is of particular importance to us and we have a specific legitimate interest under law to process it; (ii) because such data is necessary to fulfill a contract; or (iii) where necessary to protect the vital interests of any person. Marriott’s legitimate interest in collecting and processing Personal Data is detailed at the end of this notice and includes, for example, to administer and generally conduct business within Marriott. Where this reason does not apply, your decision to provide Personal Data to Marriott is voluntary, and we will process such data with your consent, which you may withdraw at any time.

10. Transfers and Use of Personal Data in the European Economic Area (EEA)

Due to the global nature of Marriott operations, Marriott may, through the internet and Marriott’s networks, share Personal Data with personnel and departments throughout Marriott to fulfill the purposes described at the end of this Statement. This may include transferring Personal Data to other countries or regions (including countries or regions other than where you are based and that have a different data protection regime than is found in the country where you are based). A list of the Marriott Group affiliated companies that may process and use Personal Data is available here Opens in a new browser window.

We may transfer Personal Data to countries located outside of the European Economic Area (“EEA”). Some of these countries are recognized by the European Commission as providing an adequate level of protection according to EEA standards (the full list of these countries is available here Opens in a new browser window). For transfers from the EEA to other countries, we have put in place adequate measures, Data Transfer Agreements and/or Standard Contractual Clauses to protect your data.

11. Data Protection Officer Contact Information and Complaints

If you have any questions or concerns, please initiate your request with your corporate representative. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data.

If you are not satisfied, you may contact the data protection officer responsible for your country or region via MarriottDPO@marriott.com. In your email, please indicate the country in which you are located. Additionally, you may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection laws has occurred at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 Opens in a new browser window.

You may also send your complaint to us via postal mail at:

Marriott International, Inc.
Data Protection Officer (DPO)
10400 Fernwood Road
Bethesda, MD 20817
United States of America

12. Changes to the Statement

Marriott reserves the right to amend this Statement at any time in order to address future business developments or changes in the industry or legal trends. Marriott will post the revised Statement on Marriott Global Source (MGS) or announce the change on the home page of this website. You can determine when the Statement was revised by referring to the “Last Updated” legend at the top of this Statement.

 


 

Types of Personal Data Marriott May Collect, Use, Transfer and Share

  • Personal Details: Name, associate identification number, category of relationship to Franchise employee for Hotel Discount, preferred language(s).
  • Position: Internal descriptor used to support course offerings.
  • System and Application Access Data: Data required to access Marriott systems and applications such as System ID, LAN ID, mHUB, email account, instant messaging account, mainframe ID, and electronic content produced using Marriott systems.

The Purposes for which Marriott May Collect, Use, Transfer and Share Personal Data

  • Communications and Security: Facilitating communications and safeguarding and maintaining IT infrastructure by using various security tools, office equipment, facilities and other property.
  • Business Operations: Operating and managing the IT, communications systems, and facilities, managing product and service development, improving products and services, managing Marriott assets, project management, business continuity, offering services and benefits, and maintaining records relating to business activities.
  • Compliance: Complying with legal and other requirements applicable to Marriott’s business in all countries or regions in which Marriott operates, record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims (including those received through the hotlines), conducting investigations including reported allegations of wrongdoing, policy violations, fraud, financial reporting concerns, and complying with internal policies and procedures.
  • Monitoring: Monitoring of email and other Marriott-owned resources, and other monitoring activities as permitted by local law. Please note that electronic communications, such as emails from Marriott-provided electronic communication services and the Marriott network, do not grant personal, privileged, or confidential status or rights in such communications to the sender, recipient, or user of such messages. There is no right to privacy or to assert any privileges with respect to such electronic communications. Marriott reserves the right to access, monitor, review, copy, and/or delete any such electronic communications. Marriott also reserves the right to assert privileged or confidential status or rights in such communications as permitted by law.

The Categories of Unaffiliated Third Parties with whom Marriott May Share Personal Data

  • Service Providers: Companies that provide products and services to Marriott such as, human resources services, expense management, IT systems suppliers and support, trade bodies and associations, accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors and service providers.
  • Public and Governmental Authorities: Entities that regulate or have jurisdiction over Marriott such as regulatory authorities, law enforcement, public bodies, and judicial bodies.