USE OF PERSONAL DATA

Marriott collects, uses, sells, shares, or otherwise discloses the Personal Data listed above (apart from Sensitive Personal Data) to operate, manage, and maintain our business, to provide our products and services, for vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using Personal Data to: develop, improve, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

Subject to your consent where required by applicable law, we collect, use, and disclose Sensitive Personal Data for purposes of: performing services for our business; providing goods or services as requested by you; ensuring safety, security and integrity; countering malicious, deceptive, fraudulent, or illegal actions; fulfilling short-term transient uses, such as displaying first party, non-personalized advertising; order processing and fulfillment; servicing accounts and providing customer service; verifying customer information; processing payments; providing financing; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Data beyond these purposes.

We do not knowingly “sell” or “share” the Personal Data, including the Sensitive Personal Data, of individuals under the age of 16. 

We may also use and disclose Personal Data to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

RETENTION PERIOD

We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services and for as long as necessary to satisfy the terms of the Bonvoy program);
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and 
• Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations).

INDIVIDUAL RIGHTS

Overview of Individual Rights

If you are a California or Colorado resident, you may make the following requests, subject to applicable law:

Request to Know. You may request to know whether we process your Personal Data and to access such Personal Data. You may request to receive the specific pieces or a copy of your Personal Data, including, where applicable, a copy of the Personal Data you provided to us in a portable format.

If you are a California resident, you may request that we disclose to you the following information:

• The categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
• The business or commercial purpose for collecting, selling, or sharing (if applicable) Personal Data about you;
• The categories of Personal Data about you that we sold or “shared” and the categories of third parties to whom we sold or “shared” such Personal Data (if applicable); and
• The categories of Personal Data about you that we otherwise disclosed, and the categories of third parties with whom we disclosed such Personal Data (if applicable).
   

Request to Delete. You may request that we delete your Personal Data.

Request to Correct. You may request that we correct inaccuracies in your Personal Data.

Request to Opt-Out of Sale, Targeted Advertising, and/or Sharing. You may request to opt-out of the “sale” of your Personal Data and/or targeted advertising, including the “sharing” of your Personal Data for cross-context behavioral advertising purposes.

Request to Appeal. If you are a Colorado resident and we refuse to act on your request, you may appeal our refusal within a reasonable period after you have received notice of the refusal.

How You Can Request to Know, Delete, Correct, Appeal, or Opt-Out of Sale, Targeted Advertising, and/or Sharing of Your Personal Data

To make a Request to Know, Delete, or Correct, please contact us via our Individual Rights Portal here↗ or call 1-800-218-9316. We may request information from you in order to verify your request, such as your name, email address, postal address, phone number, or loyalty number, and then use that information to match it with information we already have. We may also ask you for additional identifiers such as your date of birth or the last four digits of your credit card if we need additional information to verify your identity. We will respond to your request consistent with applicable law.

To Request an Appeal to a prior Individual Rights Request, contact us at privacy@marriott.com, by phone at 1-800-218-9316, or through an active open request via our Individual Rights Request portal.

You have the right to be free from unlawful discrimination for exercising your rights under applicable law.

Authorized Agents: If you’re a California resident and would like an authorized agent to submit a request on your behalf, the agent may do so by using the submission methods noted above. Upon receipt of a Request to Know, Delete, or Correct by an agent, Marriott will ask the California resident for written, signed permission that the agent has been authorized by the resident to act on their behalf. Once written authorization is provided, Marriott will open a request for the resident in the portal. Marriott will respond directly to the individual email address provided by the authorized agent regarding the fulfillment of the request, and not in a platform or portal.

CHANGES TO THIS CALIFORNIA AND COLORADO PRIVACY STATEMENT

We may change or update this California and Colorado Privacy Statement from time to time. When we do, we will post the revised California and Colorado Privacy Statement on this page with a new “Last Updated” date. 

PRIVACY RIGHTS REQUEST METRICS

Between January 1 and December 31, 2023, Marriott received the following requests from consumers identifying themselves as California residents:

NOTICE OF FINANCIAL INCENTIVE / BONA FIDE LOYALTY PROGRAM

The CCPA’s implementing regulations define a “financial incentive” as a program, benefit, or other offering “related to the collection, deletion, or sale of personal information.” Likewise, the CPA’s implementing rules define a “Bona Fide Loyalty Program” as a program “established for the genuine purpose of providing discounts, rewards, or other actual value” to members that voluntarily participate in the program. Marriott International offers guests the opportunity to participate in the Marriott Bonvoy Loyalty Program (the “Program”), which may provide benefits, including discounted rates on stays, as well as the opportunity to earn points that can be redeemed for discounted or free stays or other items, to those who choose to join. Those benefits are described along with other material terms and conditions here. Our collection of members’ Personal Data (including name, zip code, email address, and other Personal Data as described above under “Personal Data We Collect, Disclose, Share, and Sell”) allows Marriott to operate the Program and provide membership benefits. Marriott uses the Personal Data of Program members, including their stay details, to both award and redeem points. Otherwise, the types of Personal Data that we collect from Program members are generally similar to the types of Personal Data that we collect from individuals who are not Program members. The amount of Personal Data that we collect from a member or non-member may vary and is dependent on the level of interactions and engagement that the member or non-member has with Marriott.

Marriott seeks to ensure that both members and non-members have a memorable and enjoyable experience when staying at a Marriott hotel. For this reason, in connection with a hotel stay, Marriott may collect information from both members and non-members related to their personal preferences, as described in the section titled “The Data We Collect” in the Marriott Group Global Privacy Statement. Program members can organize their Personal Data and preferences as part of their Program profile. For example, a Program profile may include address, phone, month and day of birth, and gender, as well as room options, stay preferences, and communication preferences.

Marriott may also collect Personal Data about Program members through its Partner Programs, as defined in Marriott’s Loyalty Program Terms & Conditions, as well as through Linked Accounts, such as with airline frequent flyer programs or retail or cruise partners, as explained in the Marriott Group Global Privacy Statement. When a Program member engages with a Partner Program or has a Linked Account, Marriott receives information necessary to facilitate point redemptions or earnings. The partner benefits available to a member depends on the level and interactions from that member.

Marriott "sells," as the term is defined under the CCPA, Personal Data of both Program members and non-members to Marriott Vacations Worldwide ("MVW") and to third-party marketing partners for the purposes of online advertising, as disclosed above in this California and Colorado Privacy Statement. Marriott also “sells” the Personal Data of Program members (but not non-members) to its co-branded credit card partners for purposes of marketing. The following details are disclosed in this California and Colorado Privacy Statement, above, under the section titled “Personal Data We Collect, Disclose, Share, and Sell”:

• Categories of Personal Data sold to third parties; 
• Categories of Personal Data, including Sensitive Data, processed for purposes of targeted advertising; and 
• Categories of third parties that will receive members’ Personal Data, including Sensitive Personal Data.

When a Program member purchases a timeshare property from MVW, Marriott receives information from MVW so that the MVW Owners can receive various program benefits, including Elite Status Upgrades, Elite Night Credits for their timeshare stays, and the ability to convert their timeshare interest into Program points. In addition, Personal Data received from Marriott’s credit card partners may include information for servicing and facilitating the Program member’s point earnings through use of the credit card. Marriott may also receive the member’s category level spend (e.g., how much the member spent on groceries) and information that may assist in presenting relevant ads to our members and non-members.

If you are a California or Colorado resident and opted out of our “sale” of your Personal Data before you joined the Program, you will need to opt out again once you are a member, if you do not wish for Marriott to “sell” your Personal Data. To do so, click on “Your Privacy Choices” or call 1-800-218-9316.

We estimate the value of a member’s Personal Data to Marriott International, solely for purposes of the CCPA and pursuant to the valuation options mandated by the CCPA regulations, to be on average approximately $0.54 per consumer in 2023. This estimate is not specific to any individual consumer and varies per consumer. We have based this good faith estimate on the value that arises from our commercial relationships and the collection and retention of the Personal Data of consumers who have voluntarily signed up and chosen to remain in the Program. The value of Program benefits to members varies significantly as individual members take advantage of Program benefits to varying degrees.

You may join the Program on our website, at a participating property, or through another enrollment channel in line with the Bonvoy Program Terms & Conditions.

Members who are California or Colorado residents may exercise their privacy rights (i.e., the rights to know, to request deletion, and to opt out of the sale of Personal Data) without any effect on their membership status or eligibility to receive rewards, and Program members who exercise their privacy rights under U.S. State laws receive the same benefits as members who do not. A member may also choose not to receive marketing updates or offers at any time without any effect on their membership status or eligibility to receive Program benefits.

You may cancel your membership at any time by notifying Member Support at:

Marriott Guest Services 
910 West Legacy Center Way, Suite 100
Midvale, UT 84047

Or by fax: 1-801-468-4033.
Or by visiting: How Can I Cancel My Marriott Bonvoy® Account

CONTACT US
 

If you have questions or concerns about this California and Colorado Privacy Statement, you may contact us at privacy@marriott.com, or by mail:

Marriott International, Inc.
Global Compliance, Privacy
7750 Wisconsin Avenue
Bethesda, MD 20814