Skip to Content

California and Colorado Privacy Statement

 

Last Updated: July 1, 2023

 

Personal Data We Collect, Disclose, Share, and Sell
Use Of Personal Data
Retention Period
Individual Rights
Changes To This California and Colorado Statement
Privacy Rights Request Metrics
Notice Of Financial Incentive
Contact Us

 

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the CCPA), and the Colorado Privacy Act (the CPA), the Marriott Group is providing the following additional details regarding the categories of Personal Data (also called “personal information” under the CCPA) about California and Colorado residents that we collect, use, and disclose. This California and Colorado Privacy Statement supplements the Marriott Group Global Privacy Statement.

PERSONAL DATA WE COLLECT, DISCLOSE, SHARE, AND SELL

 

The following chart details categories of Personal Data about California and Colorado residents we collect, as well as categories of Personal Data we have collected and disclosed for operational business purposes in the preceding 12 months. The chart also details the categories of Personal Data that we “sell” or “share” for purposes of cross-context behavioral or targeted advertising, including within the preceding 12 months.

 

For purposes of this California and Colorado Privacy Statement, “sold” or “sale” means the disclosure of Personal Data for monetary or other valuable consideration but does not include, for example, the transfer of Personal Data as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business. For the categories below, Marriott “sells” or “shares” the data solely for the purposes of Marketing and Promotion.

 

Categories of Personal Data Categories of Third Parties to Whom Personal Data Has Been Disclosed for Operational Business Purposes Categories of Third Parties to Whom Personal Data Has Been Sold Categories of Third Parties to Whom Personal Data Has Been Shared for Cross-Context Behavioral or Targeted Advertising Processing Purposes (see “Why We Collect Your Data (Legal Basis)” in the Marriott Group Global Privacy Statement) for a description of the Processing Purposes)

Identifiers, such as name, nationality, passport, visa or other government-issued ID, and online identifiers

• Marriott Group

• Service Providers

• Franchisees

• Owners

• Homes and Villas Property Management Companies

• Authorized Licensees

• On-Property or Travel Partners

• Strategic Business Partners

• Third Parties (for purposes of approved Linked Accounts and Promotional activities)

• Governmental Agencies (if required)

• Marriott Vacations Worldwide

• Credit Card Partners (Name and Online Identifiers only)

• Advertising Partners

• Advertising Partners

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Child-Related Services (for Parents & Legal Guardians)

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Personal information, as defined in the California safeguards law, such as name, contact information, government-issued ID, and financial information

• Marriott Group

• Service Providers

• Franchisees

• Owners

• Homes and Villas Property Management Companies

• Authorized Licensees

• On-Property or Travel Partners

• Strategic Business Partners

• Third Parties (for purposes of approved Linked Accounts and Promotional activities)

• Governmental Agencies (if required)

• Marriott Vacations Worldwide

• Credit Card Partners

• Advertising Partners

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Child-Related Services (for Parents & Legal Guardians)

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Characteristics of protected classifications under California or federal law, such as gender, age, medical conditions, primary language, national origin, citizenship, and marital status

• Marriott Group

• Service Providers

• Franchisees

• Owners

• Homes and Villas Property Management Companies

• Authorized Licensees

• On-Property or Travel Partners

• Strategic Business Partners

• Third Parties (for purposes of approved Linked Accounts and Promotional activities)

• Governmental Agencies (if required)

• Marriott Vacations Worldwide

• Credit Card Partners

• Advertising Partners

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events
• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Child-Related Services (for Parents & Legal Guardians)

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Commercial information, such as transaction information, purchase history, financial details, payment methods, and membership or loyalty program data

• Marriott Group

• Service Providers

• Franchisees

• Owners

• Homes and Villas Property Management Companies

• Authorized Licensees

• On-Property or Travel Partners

• Strategic Business Partners

• Third Parties (for purposes of approved Linked Accounts and Promotional activities)

• Governmental Agencies (if required)

• Marriott Vacations Worldwide

• Credit Card Partners

• Advertising Partners

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Child-Related Services (for Parents & Legal Guardians)

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Biometric information

• Service Providers

• Governmental Agencies (if required)

N/A – Marriott does not sell this data

N/A – Marriott does not share this data

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Loyalty Programs, Accounts & Relationship Management

Internet or network activity information, such as browsing history and interactions with our and other websites and computer systems

• Marriott Group

• Service Providers

• Governmental Agencies (if required)

• Geolocation data, such as device location and IP location

• Advertising Partners

• Advertising Partners

• Booking & GuestRegistration
• On-Site Reception & Stay Services
• Conferences & Events
• Marriott Operations & General Business
• Legal & Compliance
• Spa, Beauty, Golf & Fitness Services
• Food & Beverage Services
• Child-Related Services (for Parents & Legal Guardians)
• Loyalty Programs, Accounts & Relationship Management
• Marketing, Promotions, Contests & Third-Party Products

Geolocation data, such as device location and approximate location derived from IP address

• Marriott Group
• Service Providers
• Governmental Agencies (if required)

• Advertising Partners

• Advertising Partners

• Booking & Guest Registration

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Audio, electronic, visual, and similar information, such as images and audio, video or call recordings created in connection with our business activities

• Marriott Group

• Service Providers

• Governmental Agencies (if required)

N/A – Marriott does not sell this data

N/A – Marriott does not share this data

• Booking & Guest Registration

• Conferences & Events

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Inferences drawn from any of the Personal Data listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

• Marriott Group

• Franchisees

• Owners

• Homes and Villas Property Management Companies

• On-Property or Travel Partners

• Governmental Agencies (if required)

• Credit Card Partners

• Advertising Partners

• Advertising Partners

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

Sensitive Personal Data

• Personal Data that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless the Marriott Group is the intended recipient of the communication; genetic data;

• The processing of biometric information for the purpose of uniquely identifying an individual;

• Personal Data collected and analyzed concerning an individual’s health; 

• Personal Data collected and analyzed concerning an individual’s sex life or sexual orientation;

• Personal Data collected from a known child.

• Marriott Group

• Service Providers

• Governmental Agencies (if required)

N/A – Marriott does not sell this data

N/A – Marriott does not share this data

• Booking & Guest Registration

• On-Site Reception & Stay Services

• Conferences & Events

• Marriott Operations & General Business

• Emergency & Incident Response

• Legal & Compliance

• Spa, Beauty, Golf & Fitness Services

• Food & Beverage Services

• Child-Related Services (for Parents & Legal Guardians)

• Loyalty Programs, Accounts & Relationship Management

• Marketing, Promotions, Contests & Third-Party Products

 

USE OF PERSONAL DATA

 

Marriott collects, uses, sells, shares, or otherwise discloses the Personal Data listed above (apart from Sensitive Personal Data) to operate, manage, and maintain our business, to provide our products and services, for vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using Personal Data to: develop, improve, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

 

We may use Sensitive Personal Data for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, fulfilling short-term transient uses, such as displaying first party, non-personalized advertising, order processing and fulfillment, servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, and for activities relating to quality and safety control or product improvement.

 

We do not knowingly “sell” or “share” the Personal Data, including the Sensitive Personal Data, of individuals under the age of 16. 

 

We may also use and disclose Personal Data to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

 

RETENTION PERIOD

 

We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:

 

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services and for as long as necessary to satisfy the terms of the Bonvoy program) 
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them) 
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations)

 

INDIVIDUAL RIGHTS

 

Overview of Individual Rights

 

If you are a California or Colorado resident, you may make the following requests, subject to applicable law:

 

Request to Know. You may request to know whether we process your Personal Data and to access such Personal Data. You may request to receive the specific pieces or a copy of your Personal Data, including, where applicable, a copy of the Personal Data you provided to us in a portable format.

 

If you are a California resident, you may request that we disclose to you the following information:

 

  • The categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
  • The business or commercial purpose for collecting, selling, or sharing (if applicable) Personal Data about you;
  • The categories of Personal Data about you that we sold or “shared” and the categories of third parties to whom we sold or “shared” such Personal Data (if applicable); and
  • The categories of Personal Data about you that we otherwise disclosed, and the categories of third parties with whom we disclosed such Personal Data (if applicable).
     

Request to Delete. You may request that we delete your Personal Data.

 

Request to Correct. You may request that we correct inaccuracies in your Personal Data.

 

Request to Opt-Out of Sale, Targeted Advertising, and/or Sharing. You may request to opt-out of the “sale” of your Personal Data and/or targeted advertising, including the “sharing” of your Personal Data for cross-context behavioral advertising purposes.

 

Request to Appeal. If you are a Colorado resident and we refuse to act on your request, you may appeal our refusal within a reasonable period after you have received notice of the refusal.

 

How You Can Request to Know, Delete, Correct, Appeal, or Opt-Out of Sale, Targeted Advertising, and/or Sharing of Your Personal Data

 

To make a Request to Know, Delete, or Correct, please contact us via this form↗ or 1-800-218-9316. We may request information from you in order to verify your request, such as your name, email address, postal address, phone number, or loyalty number, and then use that information to match it with information we already have. We may also ask you for additional identifiers such as your date of birth or the last four digits of your credit card if we need additional information to verify your identity. We will respond to your request consistent with applicable law.

 

To make a Request to Appeal, contact us via this form↗ or call 1-800-218-9316.

 

You have the right to be free from unlawful discrimination for exercising your rights under applicable law.

 

Authorized Agents: If you would like an authorized agent to submit a request on your behalf, the agent may do so by using the submission methods noted above. Upon receipt of a Request to Know, Delete, or Correct by an agent, Marriott will ask the California or Colorado resident for written, signed permission that the agent has been authorized by the resident to act on their behalf. Once written authorization is provided, Marriott will open a request for the resident in the portal. Marriott will respond directly to the individual email address provided by the authorized agent regarding the fulfillment of the request, and not in a platform or portal.

 

CHANGES TO THIS CALIFORNIA AND COLORADO STATEMENT

 

We may change or update this California and Colorado Privacy Statement from time to time. When we do, we will post the revised California and Colorado Privacy Statement on this page with a new “Last Updated” date. 

 

PRIVACY RIGHTS REQUEST METRICS

 

Between January 1 and December 31, 2022, Marriott received the following requests from consumers identifying themselves as California residents:

 

Request Type Consumer
Requests
Received
Verified
Consumer
Requests
Completed in
Whole or in Part
Verified
Consumer
Requests Denied
Mean Number of
Days to
Substantively
Respond to
Verified
Consumer
Requests

Requests to
Know

161

47

0

25

Requests to
Delete
 

378

85

0

23

Requests to Opt-
Out of Sale

180,603

45,666

0

1

 

NOTICE OF FINANCIAL INCENTIVE

 

The CCPA’s implementing regulations define a “financial incentive” as a program, benefit, or other offering “related to the collection, deletion, or sale of personal information.” Likewise, the CPA’s implementing rules define a “Bona Fide Loyalty Program” as a program “established for the genuine purpose of providing discounts, rewards, or other actual value” to members that voluntarily participate in the program. Marriott International offers guests the opportunity to participate in the Marriott Bonvoy Loyalty Program (the “Program”), which may provide benefits, including discounted rates on stays, as well as the opportunity to earn points that can be redeemed for discounted or free stays or other items, to those who choose to join. Those benefits are described along with other material terms and conditions here. Our collection of members’ Personal Data (including name, zip code, email address, and other Personal Data as described above under “Personal Data We Collect, Disclose, Share, and Sell”) allows Marriott to operate the Program and provide membership benefits. Marriott uses the Personal Data of Program members, including their stay details, to both award and redeem points. Otherwise, the types of Personal Data that we collect from Program members are generally similar to the types of Personal Data that we collect from individuals who are not Program members. The amount of Personal Data that we collect from a member or non-member may vary and is dependent on the level of interactions and engagement that the member or non-member has with Marriott.

 

Marriott seeks to ensure that both members and non-members have a memorable and enjoyable experience when staying at a Marriott hotel. For this reason, in connection with a hotel stay, Marriott may collect information from both members and non-members related to their personal preferences, as described in the section titled “The Data We Collect” in the Marriott Group Global Privacy Statement. Program members can organize their Personal Data and preferences as part of their Program profile. For example, a Program profile may include address, phone, month and day of birth, and gender, as well as room options, stay preferences, and communication preferences.

 

Marriott may also collect Personal Data about Program members through its Partner Programs, as defined in Marriott’s Loyalty Program Terms & Conditions, as well as through Linked Accounts, such as with airline frequent flyer programs or retail or cruise partners, as explained in the Marriott Group Global Privacy Statement. When a Program member engages with a Partner Program or has a Linked Account, Marriott receives information necessary to facilitate point redemptions or earnings. The partner benefits available to a member depends on the level and interactions from that member.

 

Marriott "sells," as the term is defined under the CCPA, Personal Data of both Program members and non-members to Marriott Vacations Worldwide (MVW) and to third party marketing partners for the purposes of online advertising, as disclosed above in this California and Colorado Consumer Privacy Act Statement. Marriott also “sells” the Personal Data of Program members (but not non-members) to its co-branded credit card partners for purposes of marketing. The following details are disclosed in this California and Colorado Consumer Privacy Act Statement, above, under the section titled “Personal Data We Collect, Disclose, Share, and Sell”:

 

  • Categories of Personal Data sold to third parties; 
  • Categories of Personal Data, including Sensitive Data, processed for purposes of targeted advertising; and 
  • Categories of third parties that will receive members’ Personal Data, including Sensitive Personal Data.

 

When a Program member purchases a timeshare property from MVW, Marriott receives information from MVW so that the MVW Owners can receive various program benefits, including Elite Status Upgrades, Elite Night Credits for their timeshare stays, and the ability to convert their timeshare interest into Program points. In addition, Personal Data received from Marriott’s credit card partners may include information for servicing and facilitating the Program member’s point earnings through use of the credit card. Marriott may also receive the member’s category level spend (e.g., how much the member spent on groceries) and information that may assist in presenting relevant ads to our members and non-members.

 

If you are a California or Colorado resident and opted out of our “sale” of your Personal Data before you joined the Program, you will need to opt out again once you are a member, if you do not wish for Marriott to “sell” your Personal Data. To do so, click on “Your Privacy Rights” or call 1-800-218-9316.

 

We estimate the value of a member’s Personal Data to Marriott International, solely for purposes of the CCPA and pursuant to the valuation options mandated by the CCPA regulations, to be on average approximately $0.49 per consumer in 2022. This estimate is not specific to any individual consumer and varies per consumer. We have based this good faith estimate on the value that arises from our commercial relationships and the collection and retention of the Personal Data of consumers who have voluntarily signed up and chosen to remain in the Program. The value of Program benefits to members varies significantly as individual members take advantage of Program benefits to varying degrees.

 

You may join the Program on our website, at a participating property, or through another enrollment channel in line with the Bonvoy Program Terms & Conditions.

 

Members who are California or Colorado residents may exercise their privacy rights (i.e., the rights to know, to request deletion, and to opt out of the sale of Personal Data) without any effect on their membership status or eligibility to receive rewards, and Program members who exercise their privacy rights under U.S. State laws receive the same benefits as members who do not. A member may also choose not to receive marketing updates or offers at any time without any effect on their membership status or eligibility to receive Program benefits.

 

You may cancel your membership at any time by notifying Member Support at:

 

Marriott Guest Services 
910 West Legacy Center Way, Suite 100
Midvale, UT 84047

 

Or by fax to: 1-801-468-4033.
Or by visiting: How Can I Cancel My Marriott Bonvoy® Account

 

CONTACT US

 

If you have questions or concerns about this California and Colorado Privacy Statement, you may contact us at privacy@marriott.com, or by mail:


Marriott International, Inc.
Global Compliance, Privacy
7750 Wisconsin Avenue
Bethesda, MD 20814