LAST UPDATED: January 1, 2023
CALIFORNIA CONSUMER PRIVACY ACT STATEMENT ADDENDUM TO ASSOCIATE PERSONAL DATA PRIVACY STATEMENT
Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”), the Marriott Group is providing the following additional details regarding the categories of Personal Data about California associates (also called "personal information" uder the CCPA) that we collect, use, and disclose. This CCPA Addendum suppliments our Associate Privacy Statement.
COLLECTION AND DISCLOSURE OF PERSONAL DATA
The following chart details which categories of Personal Data we collect and process, as well as which categories of Personal Data we disclose to third parties for our operational business and employment purposes, including within the 12 months preceding the date this CCPA Addendum was last updated.
Categories of Personal Data |
Disclosed to Which Categories of Third Parties for Operational Business Purposes |
Identifiers, such as name, contact information, unique personal identifiers, IP address, online identifiers, and government-issued identifiers (e.g., Social Security number or National ID, driver’s license number, passport number
|
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Personal information as defined in the California customer records law, such as name, contact information, Social Security number, passport number medical, insurance, financial, education and employment information, physical characteristics or description
|
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, insurance carriers, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Protected Class Information, such as characteristics of protected classifications under California or federal law, such as gender, disability status, status as a protected veteran, age, medical conditions, primary language, national origin, citizenship, immigration status, and marital status |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Commercial Information, such as transaction information and purchase history, such as travel expenses |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Biometric Information, such as fingerprints, voiceprints, faceprints, and iris or retina scans |
Service providers that provide services such as medical/health, IT, and other services; public and governmental authorities, such as regulatory authorities and law enforcement |
Internet or network activity information, such as access and usage information regarding websites, applications and systems, information about online communications, including browsing and search history, timestamp information, and access and activity logs |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Geolocation Data, such as device location and approximate location derived from IP address or company-issued device |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Audio/Video Data. Audio, electronic, visual and similar information, such as call and video recordings, including voicemail and security camera footage, information about the use of electronic devices and systems, key card usage, and photos on websites or in company directories |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Education Information subject to the federal Family Educational Rights and Privacy Act such as student records and directory information |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Employment Information. Professional or employment-related information, such as work history and prior employer, information from reference checks, background screening information, employment application, membership in professional organizations, personnel files, personal qualifications and training, eligibility for promotions and other career-related information, work preferences, business expenses, wage and payroll information, work authorization, E-Verify status, benefit information, information on leaves of absence or PTO, and performance reviews, and information on internal investigations |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
Sensitive Personal Information. · Personal Data that reveals an individual’s government identification, such as, but not limited to, driver’s license, state identification, social insurance, national identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless the Marriott Group is the intended recipient of the communication; genetic data; · The processing of biometric information for the purpose of uniquely identifying an individual; · Personal Data collected and analyzed concerning an individual’s health; · Personal Data collected and analyzed concerning an individual’s sex life or sexual orientation. |
Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, insurance carriers, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
We may also disclose the above categories of Personal Data to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We do not “sell” or “share” your Personal Data, including your Sensitive Personal Information, as defined under the CCPA. We have not engaged in such activities in the 12 months preceding the date this CCPA Addendum was last updated. Without limiting the foregoing, we do not “sell” or “share” the Personal Data, including the Sensitive Personal Information, of minors under 16 years of age.
Purposes for the Collection and Use of Sensitive Personal Information
We may use Sensitive Personal Information for purposes of performing services for our business, providing services as requested by you, and ensuring the security and integrity of our business, infrastructure, and the individuals we interact with. This includes, without limitation, establishing and maintaining your employment relationship with us, ensuring the diversity of our workforce, complying with legal obligations, managing payroll and corporate credit card use, administering and providing benefits, and securing the access to, and use of, our facilities, equipment, systems, networks, applications, and infrastructure.
Individual Requests
You may, subject to applicable law, make the following requests:
1. You may request that we disclose to you the following information:
a. The categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
b. The specific pieces of Personal Data we collected about you;
c. The business or commercial purpose for collecting Personal Data about you; and
d. The categories of Personal Data about you that we disclosed and the categories of third parties to whom we disclosed such Personal Data.
2. You may request to correct inaccuracies in your Personal Data.
3. You may request to have your Personal Data deleted.
We will not unlawfully retaliate against you for making an individual request. To make a request, please initiate your request with your local Human Resources representative or contact us at 1-833-900-mHUB (6482). We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Data subject to the request. We may need to request additional Personal Data from you, such as but not limited to email and personnel number, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Data.
Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may email privacy@marriott.com or contact us at contact us at 1-833-900-mHUB (6482). As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
