U.S. Consumer Privacy Statement
Last Updated: December 12, 2024
Pursuant to applicable U.S. state Consumer data privacy laws, such as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the "CCPA"), and the Colorado Privacy Act (the "CPA"), the Marriott Group is providing the following details regarding the categories of Personal Data (also called “personal information” under several U.S. laws) about Consumers that we collect, use, and disclose. This U.S. Consumer Privacy Statement (“Privacy Statement”) supplements the Marriott Group Global Privacy Statement and applies only to residents of U.S. states that have a currently enacted Consumer privacy law (“Consumers”). Terms not defined in this Privacy Statement have the meanings given to them in the Marriott Group Global Privacy Statement.
PERSONAL DATA WE COLLECT, DISCLOSE, SHARE, AND SELL
The following chart details the categories of Personal Data about Consumers that we collect, as well as the categories of Personal Data we have collected and disclosed for operational business purposes in the preceding 12 months. The chart also details the categories of Personal Data that we “sell” or “share” for purposes of cross-context behavioral or targeted advertising, including within the preceding 12 months.
For purposes of this Privacy Statement, “sold” or “sale” may include the disclosure of Personal Data for monetary or other valuable consideration but does not include, for example, the transfer of Personal Data as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business. It also does not include certain “Authorized Licensees” where those entities are our affiliates as defined under certain U.S. state Consumer privacy laws and such laws exempt disclosures of Personal Data to affiliates from their definition of “sale”. For the categories below, Marriott “sells” or “shares” the Personal Data solely for the purposes of Marketing, Advertising, Promotions, Contests & Third-Party Products.
Categories of Personal Data | Categories of Third Parties to Whom Personal Data Has Been Disclosed for Operational Business Purposes | Categories of Third Parties to Whom Personal Data Has Been Sold | Categories of Third Parties to Whom Personal Data Has Been Shared for Cross-Context Behavioral or Targeted Advertising | Processing Purposes (see “Why We Collect Your Data (Legal Basis)” in the Marriott Group Global Privacy Statement) for a description of the Processing Purposes) |
Identifiers, such as name, nationality, passport, visa or other government-issued ID, and online identifiers |
|
|
|
|
Personal information, as defined in the California safeguards law, such as name, contact information, government-issued ID, and financial information |
|
|
|
|
Characteristics of protected classifications under California or federal law, such as gender, age, medical conditions, primary language, national origin, citizenship, and marital status |
|
|
|
|
Commercial information, such as transaction information, purchase history, financial details, payment methods, and membership or loyalty program data |
|
|
|
|
Biometric information |
|
N/A – Marriott does not sell this data |
N/A – Marriott does not sell this data |
|
Internet or network activity information, such as browsing history and interactions with our and other websites and computer systems |
|
|
|
|
Geolocation data, such as device location and approximate location derived from IP address |
|
|
|
|
Audio, electronic, visual, and similar information, such as images and audio, video or call recordings created in connection with our business activities |
|
N/A – Marriott does not sell this data |
N/A – Marriott does not share this data |
|
Inferences drawn from any of the Personal Data listed above to create a profile or summary about, for example, an individual’s preferences and characteristics |
|
|
|
|
Sensitive Personal Data Personal Data that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless the Marriott Group is the intended recipient of the communication; genetic data;
|
|
N/A – Marriott does not sell this data | N/A – Marriott does not share this data |
|
USE OF PERSONAL DATA
Marriott collects, uses, sells, shares, or otherwise discloses the Personal Data listed above (apart from Sensitive Personal Data) to operate, manage, and maintain our business, to provide our products and services, for vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using Personal Data to: develop, improve, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.
Subject to your consent where required by applicable law, we collect, use, and disclose Sensitive Personal Data for purposes of: performing services for our business; providing goods or services as requested by you; ensuring safety, security and integrity; countering malicious, deceptive, fraudulent, or illegal actions; fulfilling short-term transient uses, such as displaying first party, non-personalized advertising; order processing and fulfillment servicing accounts and providing customer service; verifying customer information; processing payments; providing financing; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Data beyond these purposes.
We do not knowingly “sell” or “share” the Personal Data, including the Sensitive Personal Data, of individuals under the age of 18.
We may also use and disclose Personal Data to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
RETENTION PERIODS AND POLICIES
We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods and policies include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services and for as long as necessary to satisfy the terms of the Bonvoy program);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations).
INDIVIDUAL RIGHTS
Overview of Individual Rights
If you are a Consumer, you may make the following requests, subject to applicable law:
Request to Know. You may request to know whether we process your Personal Data and to access such Personal Data. You may request to receive the specific pieces or a copy of your Personal Data, including, where applicable, a copy of the Personal Data you provided to us in a portable format.
If you are a California Consumer, you may also request that we disclose to you the following information:
- The categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
- The business or commercial purpose for collecting, selling, or sharing (if applicable) Personal Data about you;
- The categories of Personal Data about you that we sold or “shared” and the categories of third parties to whom we sold or “shared” such Personal Data (if applicable); and
- The categories of Personal Data about you that we otherwise disclosed, and the categories of third parties with whom we disclosed such Personal Data (if applicable).
If you are an Oregon Consumer, you may also request that we disclose the categories of Personal Data we process about you and the third parties to whom we have disclosed your Personal Data. If you are a Delaware Consumer, you may also request that we disclose to you the categories of third parties to whom we disclosed your Personal Data.
Request to Delete. You may request that we delete your Personal Data.
Request to Correct. You may request that we correct inaccuracies in your Personal Data.
Request to Opt-Out of Sale, Targeted Advertising, and/or Sharing. You may request to opt-out of the “sale” of your Personal Data and/or targeted advertising, including the “sharing” of your Personal Data for cross-context behavioral advertising purposes.
Request to Appeal. As permitted by applicable law, you may appeal a decision regarding a request related to the rights noted above within a reasonable period after you have received a refusal notice.
How You Can Request to Know, Delete, Correct, Appeal, or Opt-Out of Sale, Targeted Advertising, and/or Sharing of Your Personal Data
To make a Request to Know, Delete, or Correct, please contact us via our Individual Rights Portal here↗ or call 1-800-218-9316. We may request information from you in order to verify your request, such as your name, email address, postal address, phone number, or loyalty number, and then use that information to match it with information we already have. We may also ask you for additional identifiers such as your date of birth or the last four digits of your credit card if we need additional information to verify your identity. We will respond to your request consistent with applicable law.
To opt-out of the “sale” of your Personal Data and/or targeted advertising, including the “sharing” of your Personal Data for cross-context behavioral advertising purposes, please visit the “Your Privacy Choices” page. We also process opt-out preference signals, such as the Global Privacy Control. These signals only affect the opt-out preferences for the particular browser or device you are using. For information about how to use the Global Privacy Control, please visit https://globalprivacycontrol.org/.
To Request an Appeal to a prior Individual Rights Request, contact us at privacy@marriott.com, by phone at 1-800-218-9316, or through an active open request via our Individual Rights Request Portal here↗.
You have the right to be free from unlawful discrimination for exercising your rights under applicable law.
Authorized Agents. If you would like an authorized agent to submit a request on your behalf as permitted under applicable law, the agent may do so by using the submission methods noted above. Upon receipt of a request by an agent, Marriott may ask the Consumer for written, signed permission that the agent has been authorized by the Consumer to act on their behalf. Once written authorization is provided, Marriott will open a request for the Consumer in the portal. Marriott will respond directly to the individual email address provided by the authorized agent regarding the fulfillment of the request, and not in a platform or portal. Marriott will respond to a request by an agent consistent with applicable law.
CALIFORNIA PRIVACY RIGHTS REQUEST METRICS
Between January 1 and December 31, 2023, Marriott received the following requests from Consumers identifying themselves as California residents:
CALIFORNIA NOTICE OF FINANCIAL INCENTIVE / COLORADO BONA FIDE LOYALTY PROGRAM
CCPA’s implementing regulations define a “financial incentive” as a program, benefit, or other offering “related to the collection, deletion, or sale of personal information.” Likewise, the CPA’s implementing rules define a “Bona Fide Loyalty Program” as a program “established for the genuine purpose of providing discounts, rewards, or other actual value” to members that voluntarily participate in the program. Marriott International offers guests the opportunity to participate in the Marriott Bonvoy Loyalty Program (the “Program”), which may provide benefits, including discounted rates on stays, as well as the opportunity to earn points that can be redeemed for discounted or free stays or other items, to those who choose to join. Those benefits are described along with other material terms and conditions here. Our collection of members’ Personal Data (including name, zip code, email address, and other Personal Data as described above under “Personal Data We Collect, Disclose, Share, and Sell”) allows Marriott to operate the Program and provide membership benefits. Marriott uses the Personal Data of Program members, including their stay details, to both award and redeem points. Otherwise, the types of Personal Data that we collect from Program members are generally similar to the types of Personal Data that we collect from individuals who are not Program members. The amount of Personal Data that we collect from a member or non-member may vary and is dependent on the level of interactions and engagement that the member or non-member has with Marriott.
Marriott seeks to ensure that both members and non-members have a memorable and enjoyable experience when staying at a Marriott hotel. For this reason, in connection with a hotel stay, Marriott may collect information from both members and non-members related to their personal preferences, as described in the section titled “The Data We Collect” in the Marriott Group Global Privacy Statement. Program members can organize their Personal Data and preferences as part of their Program profile. For example, a Program profile may include address, phone, month and day of birth, and gender, as well as room options, stay preferences, and communication preferences.
Marriott may also collect Personal Data about Program members through its Partner Programs, as defined in Marriott’s Loyalty Program Terms & Conditions, as well as through Linked Accounts, such as with airline frequent flyer programs or retail or cruise partners, as explained in the Marriott Group Global Privacy Statement. When a Program member engages with a Partner Program or has a Linked Account, Marriott receives information necessary to facilitate point redemptions or earnings. The partner benefits available to a member depends on the level and interactions from that member.
Marriott "sells," as the term is defined under the CCPA, Personal Data of both Program members and non-members to Advertising Partners and Authorized Licensees for the purposes of marketing and online advertising, as disclosed above in this Privacy Statement. The following details are disclosed in this Privacy Statement, above, under the section titled “Personal Data We Collect, Disclose, Share, and Sell”:
- Categories of Personal Data sold to third parties;
- Categories of Personal Data, including Sensitive Data, processed for purposes of targeted advertising; and
- Categories of third parties that will receive members’ Personal Data, including Sensitive Personal Data.
For example, when a Program member purchases a timeshare property from Marriott Vacations Worldwide (“MVW”), Marriott receives information from MVW so that the MVW Owners can receive various program benefits, including Elite Status Upgrades, Elite Night Credits for their timeshare stays, and the ability to convert their timeshare interest into Program points. In addition, Personal Data received from Marriott’s credit card partners may include information for servicing and facilitating the Program member’s point earnings through use of the credit card. Marriott may also receive the member’s category level spend (e.g., how much the member spent on groceries) and information that may assist in presenting relevant ads to our members and non-members.
If you are a California or Colorado resident and opted out of our “sale” of your Personal Data before you joined the Program, you will need to opt out again once you are a member, if you do not wish for Marriott to “sell” your Personal Data. To do so, click on “Your Privacy Choices” or call 1-800-218-9316.
We estimate the value of a member’s Personal Data to Marriott International, solely for purposes of the CCPA and pursuant to the valuation options mandated by the CCPA regulations, to be on average approximately $0.54 per Consumer in 2023. This estimate is not specific to any individual Consumer and varies per Consumer. We have based this good faith estimate on the value that arises from our commercial relationships and the collection and retention of the Personal Data of Consumers who have voluntarily signed up and chosen to remain in the Program. The value of Program benefits to members varies significantly as individual members take advantage of Program benefits to varying degrees.
You may join the Program on our website, at a participating property, or through another enrollment channel in line with the Bonvoy Program Terms & Conditions.
Members who are California or Colorado residents may exercise their privacy rights (i.e., the rights to know, to request deletion, and to opt out of the sale of Personal Data) without any effect on their membership status or eligibility to receive rewards, and Program members who exercise their privacy rights under U.S. State laws receive the same benefits as members who do not. A member may also choose not to receive marketing updates or offers at any time without any effect on their membership status or eligibility to receive Program benefits.
You may cancel your membership at any time by notifying Member Support at:
Marriott Guest Services
910 West Legacy Center Way, Suite 100
Midvale, UT 84047
Or by fax: 1-801-468-4033.
Or by visiting: How Can I Cancel My Marriott Bonvoy® Account
CONTACT US
If you have questions or concerns about this California and Colorado Privacy Statement, you may contact us at privacy@marriott.com, or by mail:
Marriott International, Inc.
Global Compliance, Privacy
7750 Wisconsin Avenue
Bethesda, MD 20814