Skip to Content

Marriott Data Privacy Framework Guest Privacy Statement


Last Updated: January 31, 2024


Marriott International, Inc. and the U.S. affiliates listed at the end of this Statement (“Marriott U.S.”) have created this Data Privacy Framework Privacy Statement to help you learn about how we handle Guest Personal Data that we receive from the European Economic Area (the “EEA”), the United Kingdom (U.K.), Gibraltar, and Switzerland under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the U.K. Extension to the EU-U.S. DPF (which includes Gibraltar, hereinafter referred to as “the U.K.”), and the Swiss-U.S. Data Privacy Framework (collectively “DPF”). This DPF Privacy Statement supplements the Marriott Group Global Privacy Statement. Unless specifically defined differently in this Statement, the capitalized terms in this DPF Privacy Statement have the same meaning as in the Marriott Group Global Privacy Statement.


Marriott U.S. has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regard to the processing of Personal Data received from the EEA, the U.K., Gibraltar, and Switzerland in reliance on the DPF. More information about the DPF, including the list of certified organizations, can be found at↗.



Marriott U.S. may receive Personal Data from entities in the EEA, the U.K., and Switzerland such as:


  • Name
  • Gender
  • Postal address
  • Telephone number
  • Email address
  • Financial information (such as credit and debit card number or other payment data)
  • Language preference
  • Date and place of birth
  • Nationality, passport, visa or other government-issued identification data
  • Important dates, such as birthdays, anniversaries, and special occasions
  • Membership or loyalty program data (including co-branded payment cards, travel partner program affiliations)
  • Employer details (for business-related bookings)
  • Travel itinerary, tour group, or activity data
  • Prior guest stays or interactions (including interactions via our automated chat functionalities), goods and services purchased, special service and amenity requests
  • Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts


In more limited circumstances, we may also collect:


  • Data about family members and companions, such as names and ages of children
  • Biometric data
  • Financial information
  • Images and video and audio data via: (a) security cameras located in public areas, such as hallways and lobbies, in our properties; and (b) body-worn cameras carried by our loss prevention officers and other security personnel
  • “Stay Preferences,” including information about your interests and other relevant information we learn about you during your stay, such as likes and dislikes about our services and specific dietary, health restrictions, or personal needs to ensure your wellbeing
  • “Personal Preferences,” including what type of activities you prefer to take part in when staying with us and your hobbies




Any Personal Data sent to us may be used by Marriott U.S. and its Service Providers for the purposes indicated in the Marriott Group Global Privacy Statement. If we intend to use your Personal Data for a purpose that is materially different from these purposes or if we intend to disclose it to a third party (a non-agent) not previously disclosed, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where it involves Personal Data or opt-in where Sensitive Personal Data are involved.




As more fully described in the Marriott Group Global Privacy Statement, Personal Data may be disclosed to the following:


  • Marriott Group
  • Franchisees
  • Owners
  • Homes and Villas Property Management Companies 
  • Authorized Licensees & Select Authorized Licensees 
  • On-Property and/or Travel Partners 
  • Linked Accounts and Travel Insurance
  • Promotional Activity
  • eFolio Program
  • Service Providers
  • To a third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)




We sometimes contract with other companies and individuals to perform functions or services on our behalf such as spas and restaurants within our hotels, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services. They may have access to Personal Data needed to perform their functions but are restricted from using the Personal Data for purposes other than providing services for us or to us. Marriott U.S. requires that its Service Providers that have access to Personal Data received from the EEA, the U.K., and Switzerland provide the same level of protection as required by the DPF Principles. We are responsible for ensuring that our Service Providers process the Personal Data in a manner consistent with our obligations under the DPF Principles.




We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.




We limit the collection and use of Personal Data to the information that is relevant for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the Personal Data are reliable for their intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data.




You can ask to review, correct, or delete Personal Data that we maintain about you by filling out this form↗ on or by contacting us at




If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the DPF Principles.


If we are unable to resolve your complaints or disputes, you may contact JAMS DPF Dispute Resolution↗, an alternative dispute resolution provider based in the U.S., and they will investigate and assist you, free of charge, in resolving your complaint.


As further explained in the DPF Program Principles↗, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Marriott U.S. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).




We may need to disclose Personal Data in response to lawful requests by public authorities for law enforcement or national security reasons or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.




If you have any questions regarding this Data Privacy Framework Privacy Statement, please contact us by email at, or please write to the following address:


Marriott International, Inc.
Global Compliance, Privacy
7750 Wisconsin Avenue
Bethesda, MD 20814
United States of America




This Statement may be changed from time to time, consistent with the requirements of the DPF Program. You can determine when this Policy was last revised by referring to the "LAST UPDATED" legend at the top of this page. Any changes to our Statement will become effective upon our posting of the revised Statement on the Site.




Marriott International Administrative Services, Inc.
Marriott Rewards, Inc.
Marriott Payment Services, LLC