LAST UPDATED: July 9, 2020

Marriott International, Inc. and the U.S. affiliates listed at the end of this Policy(“Marriott U.S.”) have created this Privacy Shield Privacy Policy to help you learn about how we handle Guest Personal Data that we receive from our affiliates, Owners and Franchisees and Homes and Villas Property Management Companies located in the European Economic Area (the “EEA”), the United Kingdom (U.K), and Switzerland under the Privacy Shield program. This Privacy Shield Privacy Policy supplements the Marriott Group Global Privacy Statement. Unless specifically defined differently in this Policy, the capitalized terms in this Privacy Shield Privacy Policy have the same meaning as in the Marriott Group Global Privacy Statement.

Marriott U.S. has subscribed to the EU-U.S. and Swiss-U.S. Privacy Shield programs (“Privacy Shield”) and is committed to adhering to the Privacy Shield Principles, which include the Supplemental Principles (collectively, the “Principles”) for all Guest Personal Data received from the EEA, the U.K., and Switzerland. More information about Privacy Shield can be found at: Opens in a new browser and the list of certified organizations can be found at: Opens in a new browser.

Personal Data Received From the EEA, the U.K., and Switzerland

Marriott U.S. may receive Personal Data from entities in the EEA, the U.K., and Switzerland such as:

  • Name
  • Gender
  • Postal address
  • Telephone number
  • Email address
  • Credit and debit card number or other payment data
  • Language preference
  • Date and place of birth
  • Nationality, passport, visa or other government-issued identification data
  • Important dates, such as birthdays, anniversaries and special occasions
  • Membership or loyalty program data (including co-branded payment cards, travel partner program affiliations)
  • Employer details
  • Travel itinerary, tour group, or activity data
  • Prior guest stays or interactions, goods and services purchased, special service and amenity requests
  • Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts

In more limited circumstances, we may also collect:

  • Data about family members and companions, such as names and ages of children
  • Biometric data
  • Financial information
  • Images and video and audio data via: (a) security cameras located in public areas, such as hallways and lobbies, in our properties; and (b) body-worn cameras carried by our loss prevention officers and other security personnel
  • Guest preferences and personalized data (“Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit

Use of Personal Data

Any Personal Data sent to us may be used by Marriott U.S. and its Service Providers for the purposes indicated in the Marriott Group Global Privacy Statement. If we intend to use your Personal Data for a purpose that is materially different from these purposes or if we intend to disclose it to a third party not previously disclosed, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where it involves Personal Data or opt-in where Sensitive Personal Data is involved.

Disclosures to Affiliates and Third Parties

As more fully described in the Marriott Group Global Privacy Statement, Personal Data may be disclosed to the following:

  • Marriott Affiliates
  • Franchisees
  • Owners
  • Homes and Villas Property Management Companies
  • Authorized Licensees
  • On-Property and/or Travel Partners
  • Strategic Business Partners
  • Linked Accounts and Promotional Activity
  • eFolio Program

And to third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Disclosures to Service Providers

We sometimes contract with other companies and individuals to perform functions or services on our behalf such as spas and restaurants within our hotels, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Personal Data needed to perform their functions but are restricted from using the Personal Data for purposes other than providing services for us or to us. Marriott U.S. requires that its Service Providers that have access to Personal Data received from the EEA, the U.K., and Switzerland provide the same level of protection as required by the Privacy Shield Principles. We are responsible for ensuring that our Service Providers process the Personal Data in a manner consistent with our obligations under the Principles.

Data Security

We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.

Data Integrity and Purpose Limitation

We limit the collection and use of Personal Data to the information that is relevant for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the Personal Data is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data.

Access to Personal Data

You can ask to review, correct, or delete Personal Data that we maintain about you by filling out this form Opens in a new browser on or by contacting us at

Privacy Shield Enforcement and Dispute Resolution

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.

If we are unable to resolve your complaints or disputes, you may contact JAMS and they will investigate and assist you, free of charge, in resolving your complaint. Please refer to: Opens in a new browser for more information.

As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Marriott U.S. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Disclosures Required By Law

We may need to disclose Personal Data in response to lawful requests by public authorities for law enforcement or national security reasons or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.

Contact Information

If you have any questions regarding this Privacy Shield Privacy Policy, please contact us by email at, or please write to the following address:

Marriott International, Inc.
Global Compliance, Privacy
10400 Fernwood Road
Bethesda, MD 20817
United States of America

Privacy Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Policy was last revised by referring to the "LAST UPDATED" legend at the top of this page. Any changes to our Policy will become effective upon our posting of the revised Policy on the Site.

Marriott U.S. entities covered by this Policy

Marriott Hotel Services, Inc.
Marriott International Administrative Services, Inc.
Marriott Rewards, Inc.
Marriott Worldwide Reservation Services, LLC
Starwood Hotels & Resorts Management Company, LLC
Starwood Hotels & Resorts Worldwide, LLC
Starwood Reservations LLC
The Ritz-Carlton Hotel Company, LLC
Galaxy Hotel Systems LLC