ROYALE SOCIETY HOSPITALITY - PRIVACY POLICY
This Privacy Policy describes how Royale Society Hospitality, LLC (the "Site", "we", "us", "our" or “Royale Society Hospitality”) collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from www.1royale.com (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.
1. INFORMATION WE PROCESS:
We may collect or process the following types of information about you. The specific information we collect about you will vary depending on how you interact with us.
a. Contact information and personal identifiers, such as your name, address, email address, telephone number, and username or social media handle.
b. Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.
c. Physical characteristics, such as your hair type and color, skin type, and eye color.
d. Biometric information, such as facial geometry if you use certain of our virtual try-on applications.
e. Commercial information, such as the products or services you have purchases, returned or considered, and your product preferences.
f. Payment information, such as your method of payment and payment card information (including payment card number, delivery address and billing address).
g. Identity verification information, such as photo identification, loyalty member ID, and authentication information (like passwords).
h. Online or network activity information, such as information regarding your interaction with our websites, mobile applications, digital properties, and advertisements, information about your browsing and search history on our websites or mobile applications, and log file information like your browser type and webpages you visit.
i. Geolocation information, such as information that can help identify your physical location (like your GPS coordinates or the approximate location of your device).
j. Audio and visual information, such as recordings of your voice when you call our customer service.
k. Professional or employment-related information, such as professional licenses or certifications in connection with our professional programs.
l. User Content, such as your communications with us or any other content you provide (including photographs and images, videos, reviews, articles, survey responses, and comments).
m. Inferences drawn from or created based on any of the information identified above.
2. HOW WE COLLECT INFORMATION:
We may collect personal information about you from various sources. For example:
a. Directly from you, such as when you make a purchase on our website, contact us with a question or complaint, use one of our mobile applications or= chat with an automated virtual agent or live person on one of our websites, create an account on one of our websites, register for one of our brand loyalty programs or marketing lists, respond to a survey, participate in a contest or other promotion, make an appointment or sign-up to attend an event.
b. From your friends or family members, such as when your friend or family member purchases our services for you.
c. When you interact with our website or emails. When you visit our website, or when you open or click on emails we send you, we (and third parties we work with) may automatically collect information from your browser or device, such as device identifiers and online and other network activity information using technologies such as cookies, pixel tags, and similar technologies. Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Pixel tags are small images which are embedded into our websites or emails. We use pixel tags to collect information about your browser or device, how you interact with our websites, or whether you open or click on the emails we send you. Pixel tags also enable us (and third parties we work with) to place cookies on your browser.
d. From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third party retailers and distributors, and other third parties that we choose to collaborate or work with.
e. From social media platforms and networks, such as Facebook, Instagram, Twitter, Pinterest, and Google. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log-in our website using your social media credentials.
We may combine the information we obtain from the above sources. For example, we may combine information we collect in our stores with information we collect online.
3. HOW WE USE INFORMATION:
We may use the information we have about you:
a. To provide products and services to you, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account or loyalty program membership, identifying concerns and assisting with product recommendations, providing real time support via our automated virtual agent and live person chat feature on one of our websites and maintaining a transcript of the chat, and managing current or past purchases.
b. To communicate with you, including to respond to your inquiries or complaints, and to help you place an order.
c. To administer your participation in special events, contests, sweepstakes, surveys or promotions.
d. For marketing and advertising, such as to send you postal mail, text messages, email, push notifications or other messages, show you advertisements for products and/or services tailored to your interests on social media and other websites.
e. To operate and understand your use of our websites and mobile applications, such as to remember your information so you do not have to re-enter it, understand your preferred method of purchasing with us; determine what browser and devices you use to visit our websites or mobile applications; and to evaluate and improve our services, advertisements, websites and mobile applications. For example, we use Google Analytics on our websites. For specific details on how Google collects and uses your personal information when we use its services, please visit: How Google Uses Information From Sites Or Apps That Use Our Services.
f. To operate and improve our business, including to conduct analytics, provide quality assurance and process adverse event or product related claims, conduct research and development, and perform accounting, auditing and other internal business functions.
g. For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity, loss prevention, identify and repair bugs on our websites or mobile applications, and to comply with applicable legal requirements, relevant industry standards and our policies.
We also may use your information in other ways for which we provide specific notice at the time of collection.
4. HOW WE SHARE INFORMATION:
We may share your personal information with:
a. Our Brands. When you interact with a Brand, we may share your personal information with other Brands. Those other Brands may use your personal information for marketing and advertising and other purposes identified in this Privacy Policy.
b. Our Subsidiaries and Affiliates. We may transfer your personal information to our subsidiaries and affiliates on a need-to-know basis for the purposes identified in this Privacy Policy.
c. Service Providers. We may transfer personal information to service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders, and that provide website and application functionality, hosting, analytics, customer support including through automated virtual agent and live person chat, advertising and marketing services.
d. Parties to a corporate transaction. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
e. Advertising Companies. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf.
f. Other third parties. In addition, we may disclose personal information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted by law, or (v) with your consent (such as third-party salons, spas and third-party retailers).
5. HOW YOU CONTROL YOUR INFORMATION:
a. Data Subject Rights: Depending on local laws, you may have rights with respect to your personal information. For example, you may be able to request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted or transmitted to a third-party. We may take reasonable steps to verify your identity when you make a request. You may also have the right to lodge a complaint with a data protection authority.
b. Marketing & Advertising Preferences: Your online account may offer you the ability to edit your marketing preferences. You can also opt-out of receiving marketing communications (such as email, postal mail or text messages) by following the unsubscribe instructions sent within our Web Site. When you unsubscribe from our marketing communications, we will no longer use the related personal information (such as your email address or phone number) for targeted advertising purposes.
c. Mobile Device & Browser Preferences: Depending on your mobile device or web browser, we may request your location or request to send you push notifications. You can edit your preferences using the settings on your device.
d. Cookie Preferences: You can choose how certain cookies are used in connection with our websites. You can edit your cookie preferences at any time by editing your browser settings or selecting the “Manage Cookies” or “Do Not Sell or Share My Personal Information / Target Ads” link available at the bottom of our Brand websites. For additional details see the “How We Use Cookies” section below.
6. HOW WE USE COOKIES:
Like many websites, we use Cookies on our Site. Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser which allows us to remember you when you come back to our websites and provide you with personalized experiences and advertisements. We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites. We use different types of cookies on our websites, which may include strictly necessary cookies, performance cookies, functional cookies and targeting cookies. Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls.
You can edit your preferences by accessing the “Manage Cookies” or “Do Not Sell or Share My Personal Information / Target Ads” link at the bottom of each of our Web Site or by editing your browser settings. When editing your cookie preferences, please note that your settings only apply to the browser you use to submit your opt-out request, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.
Our websites are not designed to respond to “do not track” signals from browsers.
7. USER GENERATED CONTENT:
The Services may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Services, this content will be public and accessible by anyone.
We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.
8. THIRD PARTY WEBSITES AND LINKS:
We may use, disclose or otherwise process your personal information to advertise our products and services in different ways, including targeted advertising. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. These advertising companies may use cookies, pixel tags and similar technologies to collect device identifiers, online or network activity information, commercial information, or inferences, such as information about the websites you visit over time and the advertisements you click on to deliver advertisements that are targeted to you. You can opt-out of cookie-based advertising based on your visits to our sites by editing your cookie preferences as described in the How We Use Cookies section. Please note that even if you opt-out, you may still see ads from us, but the ads will not be targeted based on the websites you visit over time and the advertisements you click on and may therefore be less relevant to you and your interests.
We also work with third-party platforms, including platforms operated by social networks, to show you advertisements or measure the effectiveness of our advertisements. We may convert your email address, telephone number, or other information into a unique value and have these third-party platforms match this unique value with a user on their platform or with other data they may have. This matching enables us to deliver advertisements to you and others on these platforms.
9. INTERNATIONAL DATA TRANSFERS:
We are headquartered in the United States and may share your information with service providers and other recipients in the United States and worldwide. If you are located in a region with laws governing data collection and use that may differ from U.S. law, please note that we may transfer personal data to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. We use appropriate transfer mechanisms where required.
10. HOW WE PROTECT INFORMATION:
We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.
11. HOW LONG WE RETAIN INFORMATION:
There are many factors that we use to determine how long personal information is retained, such as:
a) the purposes for which the personal information was collected, including to provide our products and services;
b) your marketing preferences and how you engage with our Brands;
c) any legal or regulatory requirements that apply to the personal information; and
d) whether the personal information may be relevant to us in protecting our own rights (e.g. applicable limitation periods).
12. CHILDREN’S DATA:
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.
As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
13. SECURITY AND RETENTION OF YOUR INFORMATION:
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.
14. YOUR RIGHTS AND CHOICES:
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.
a) Right to Access / Know. You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
b) Right to Delete. You may have a right to request that we delete personal information we maintain about you.
c) Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
d) Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
e) Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
f) Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent
g) Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
h) Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.
You may exercise any of these rights where indicated on our Web Site or by contacting us using the contact details provided below.
We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, You may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.
15. UPDATES TO OUR PRIVACY POLICY:
We reserve the right to revise this Privacy Policy from time to time. We will post changes on this page and indicate the “Effective Date” at the top of this page. Please check back often for any updates. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and that your continued use of our Services after any change in this Privacy Policy will constitute your acceptance of such change.
16. COMPLAINTS:
If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.
17. STATE ESPECIFIC DISCLOSURES:
California Residents
This section applies solely to California residents and supplements our Privacy Policy above.
Collection and Disclosure of Personal Information
We may collect and disclose or may have collected and disclosed your personal information to certain categories of third parties, as described below.
Category
Disclose to Third Parties
Contact information and personal identifiers
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Device Identifiers
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Demographic information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
Physical characteristics
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
Biometric information
We may disclose or may have disclosed this information to:
Service Providers
Commercial information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Payment information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Identity verification information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Online or network activity information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Geolocation information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
fraud detection providers
law enforcement authorities or other government officials where required or permitted by law
Audio and visual information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
Professional or employment related information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
Health and medical information
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
User Content
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
Inferences
We may disclose or may have disclosed this information to:
Our Brands
Our Subsidiaries and Affiliates
Service Providers
law enforcement authorities or other government officials where required or permitted by law
In addition to the purposes set forth in the “How We Use Information” and “How We Share Information” sections set forth and above, we collect and may disclose this personal information for the following business or commercial purposes:
To audit our interactions with you to ensure compliance with applicable law and to measure the effectiveness of our products, services, and advertisements;
To detect, prevent, and prosecute harmful, fraudulent, or illegal activity;
To identify and repair bugs on our websites or mobile applications;
To provide services, such as customer service, order fulfillment, and payment processing, which we either conduct or engage service providers to conduct on our behalf;
For research and development;
To further our business goals, including to advertise our products and services; and
For quality assurance.
Collection and Use of Sensitive Personal Information
We may collect certain categories of personal information that may be used to infer characteristics about consumers. Some of these categories used to infer characteristics about consumers may be considered “sensitive personal information” under California law, such as health and medical information like your skincare concerns, and demographic information like your ethnicity. In addition to the purposes set forth above, we use this information to further our business goals, such as to advertise our products and services or provide personalized product recommendations.
Sale or Sharing of Personal Information
We do not sell or share your personal information for monetary consideration. Certain advertising practices, such as those described in the How We Use Information to Advertise section, may be considered a “sale” under California law when the personal information is exchanged for non-monetary consideration. You have the right to opt out of these types of disclosures of your information. We may “sell” or “share” (or may have “sold” or “shared”) the following categories of personal information to the third parties listed below:
Category
Sold to or shared with Third Parties
Contact Information and personal Identifiers
Device identifiers
Online or network activity information
Commercial information
Inferences
We may sell or share or may have sold or shared this information to:
Advertising companies
Our Brands
We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age. We do not sell or share sensitive personal information.
Financial Incentives
We may offer you various financial incentives such as discounts and special offers when you provide us with contact information and identifiers such as your name, email address and/or mobile phone number. When you sign-up for one of our brand loyalty programs, marketing lists or other discounts and special offers, you opt-in to a financial incentive. You may withdraw from a financial incentive at any time by opting out from the brand marketing communications for which you initially signed-up for, or closing your brand loyalty member account. Generally, we do not assign monetary or other value to personal information, however, California law requires that we assign such value in the context of financial incentives. In such context, the value of the personal information is related to the estimated cost of providing the relevant financial incentive(s) for which the information was collected.
Your Rights
If you are a California resident, you have the right to:
Request, twice in a 12-month period, access to the personal information we have collected, used, disclosed, and sold or shared about you,
Deletion of the personal information we have collected from you (subject to certain exceptions),
Correction of the personal information we maintain about you, if that information is inaccurate,
Limitation of our use and disclosure of sensitive personal information used for inferring characteristics about you,
Opt-out of the sale of your personal information or sharing of your personal information for cross-context behavioral advertising purposes.
You can exercise your rights by contacting us at Privacy@1royale.com. Before processing your request, we will take reasonable steps to verify your identity, which will include verifying that the email address from which you submit the request matches the email address we maintain on file for you. To ensure you are the owner of the email address, you must respond to a confirmation email that we will send to such email address. In some cases, we may ask that you provide additional information to verify your identity. You may also designate an authorized agent to make a request on your behalf. The authorized agent will be required to provide proof that they have been authorized to act on your behalf. If the authorized agent does not provide such proof, you will be required to confirm your identity and the authenticity of the request.
To opt-out of the sale or sharing of your personal information for cross-contextual behavioral advertising purposes, you must also edit your preferences using the “Do Not Sell or Share My Personal Information / Target Ads” link at the bottom of each our Brand websites. You may also use the Global Privacy Control signal. For more information about the Global Privacy Control, visit https://globalprivacycontrol.org/.
We will not discriminate against you on account of your exercise of your California privacy rights.
If you would like us to read this Privacy Policy to you, please contact us using the information provided in the “Contact Us” Section of this Privacy Policy.
Colorado, Connecticut and Virginia Residents
This section applies solely to Colorado, Connecticut, and Virginia residents and supplements our Privacy Policy above.
If you are a Colorado, Connecticut, or Virginia resident, you have the right to:
request access to, or correction or deletion of, your personal information; or
opt out of the processing of your personal information for targeted advertising purposes or the sale of your personal information. Certain advertising practices, such as those described in the How We Use Information to Advertise section, may be deemed targeted advertising or a “sale” under some state laws.
You can exercise your rights by contacting Privacy@1royale.com Before processing your request, we will take reasonable steps to verify your identity, which will include verifying that the email address from which you submit the request matches the email address we maintain on file for you. To ensure you are the owner of the email address, you must respond to a confirmation email that we will send to the email address. In some cases, we may ask that you provide additional information to verify your identity. You may appeal our decision with respect to a request you have submitted by contacting us at Privacy@1royale.com.
To opt-out of the processing of your personal information for targeting advertising purposes or the sale of your personal information, you must also edit your preferences using the “Do Not Sell or Share My Personal Information / Target Ads” link at the www.1royale.com/contact
Illinois Residents
This section applies solely to Illinois residents and supplements our Privacy Policy above.
As indicated in our Privacy Policy, we may collect biometric information such as facial geometry if you use certain of our virtual try-on applications. For Illinois residents who provide us with biometric information (such as during use of our virtual try-on apps), in accordance with Illinois state law, we will retain biometric information only until the occurrence of the first of the following:
The initial purpose for collecting or obtaining such biometric information has been satisfied, or
Three years following your last interaction with us.
Utah Residents
This section applies solely to Utah residents and supplements our Privacy Policy above.
If you are a Utah resident, you have the right to:
request access to your personal information;
request the deletion of personal information you have provided to us;
opt-out of the processing of your sensitive information; or
opt out of the processing of your personal information for targeted advertising purposes or the sale of your personal information. Certain advertising practices, such as those described in the How We Use Information to Advertise section, may be deemed targeted advertising.
You can exercise your rights by contacting Privacy@1royale.com. Before processing your request, we will take reasonable steps to verify your identity, which will include verifying that the email address from which you submit the request matches the email address we maintain on file for you. To ensure you are the owner of the email address, you must respond to a confirmation email that we will send to the email address. In some cases, we may ask that you provide additional information to verify your identity.
To opt-out of the processing of your personal information for targeting advertising purposes or the sale of your personal information, you must also edit your preferences using the “Do Not Sell or Share My Personal Information / Target Ads” by ______________________________.
Florida Residents
Florida Civil Code Section § 1798.83 permits users of our Website that are Florida residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Privacy@1royale.com.
18. YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR):
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Web Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that are residents of the European Economic Area (EEA), we make sure to be compliant with the requirements thereof.We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.
In certain circumstances, you have the following data protection rights:
a) The right to access, update or delete your information. You can access, update or request deletion of your Personal Information directly within your account settings. If you are unable to perform these actions yourself, please contact us to assist you.
b) The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
c) The right to object. You have the right to object to our processing of your Personal Information.
d) The right of restriction. You have the right to request that we restrict the processing of your personal information.
e) The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
f) The right to withdraw consent. You also have the right to withdraw your consent at any time where we previously relied on your consent to process your personal information.
Users, who are residents of the European Economic Area (EEA) have the right to object to the Company processing their Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes. Where a User objects to the Company processing their Personal Information based on its legitimate interests, the Company shall cease such processing immediately, unless it can be demonstrated that the Company’s legitimate grounds for such processing override the User’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims. Where a User objects to the Company processing their Personal Information for direct marketing purposes, the Company shall cease such processing immediately. Where a User objects to the Company processing their Personal Information for scientific and/or historical research and statistics purposes, the User must, under the GDPR, “demonstrate grounds relating to his or her particular situation”. The Company is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.
19. SUBJECT ACCESS REQUESTS AS PER THE GDPR
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Web Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that are residents of the European Economic Area (EEA), we make sure to be compliant with the requirements thereof.We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.
Users who are residents of the European Economic Area (EEA), may make subject access requests (“SARs”) at any time to find out more about the Personal Information which the Company holds about them, what it is doing with that Personal Information, and why. Users wishing to make a SAR may do so in writing and the SARs should be addressed to our Data Protection Officer using the Contact Us Section of this Policy. Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the User shall be informed. All SARs received shall be handled by the Company’s Data Protection Officer. The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a User, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive. Please note that we may ask you to verify your identity before responding to such requests.
20. DATA BREACH NOTIFICATION AS PER THE GDPR
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Web Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that are residents of the European Economic Area (EEA), we make sure to be compliant with the requirements thereof.We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.
All Personal Information breaches must be reported immediately to the Company’s Data Protection Officer. If a Personal Information breach occurs and that breach is likely to result in a risk to the rights and freedoms of Users (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it. In the event that a Personal Information breach is likely to result in a high risk to the rights and freedoms of Users, the Data Protection Officer must ensure that all affected Users are informed of the breach directly and without undue delay. Data breach notifications shall include the following information:
a) The categories and approximate number of Users concerned.
b) The categories and approximate number of Personal Information records concerned.
c) The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained).
d) The likely consequences of the breach.
e) Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
21. LAWFUL, FAIR, AND TRANSPARENT DATA PROCESSING AS PER THE GDPR:
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Web Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that do fall under the jurisdiction of the GDPR, we make sure to be compliant with the requirements thereof.If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.
The GDPR seeks to ensure that Personal Information is processed lawfully, fairly, and transparently, without adversely affecting the rights of the User. The GDPR states that processing of Personal Information shall be lawful if at least one of the following applies:
a) The User has given consent to the processing of their Personal Information for one or more specific purposes.
b) The processing is necessary for the performance of a contract to which the User is a party, or in order to take steps at the request of the User prior to entering into a contract with them.
c) The processing is necessary for compliance with a legal obligation to which the data controller is subject.
d) The processing is necessary to protect the vital interests of the User or of another natural person.
e) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. or
f) The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the User which require protection of Personal Information, in particular where the User is a child.
If the Personal Information in question is “special category data” (also known as “sensitive Personal Information”) (for example, data concerning the User’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation), at least one of the following conditions must be met:
a) The User has given their explicit consent to the processing of such data for one or more specified purposes (unless EU or EU Member State law prohibits them from doing so).
b) The processing is necessary for the purpose of carrying out the obligations and exercising specific rights of the data controller or of the User in the field of employment, social security, and social protection law (insofar as it is authorized by EU or EU Member State law or a collective agreement pursuant to EU Member State law which provides for appropriate safeguards for the fundamental rights and interests of the User).
c) The processing is necessary to protect the vital interests of the User or of another natural person where the User is physically or legally incapable of giving consent.
d) The data controller is a foundation, association, or other non-profit body with a political, philosophical, religious, or trade union aim, and the processing is carried out in the course of its legitimate activities, provided that the processing relates solely to the members or former members of that body or to persons who have regular contact with it in connection with its purposes and that the Personal Information is not disclosed outside the body without the consent of the Users.
e) The processing relates to Personal Information which is clearly made public by the User.
f) The processing is necessary for the conduct of legal claims or whenever courts are acting in their judicial capacity.
g) The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, and shall provide for suitable and specific measures to safeguard the fundamental rights and interests of the User.
h) The processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of an employee, for medical diagnosis, for the provision of health or social care or treatment, or the management of health or social care systems or services on the basis of EU or EU Member State law or pursuant to a contract with a health professional, subject to the conditions and safeguards referred to in Article 9(3) of the GDPR.
i) The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or EU Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the User (in particular, professional secrecy). or
j) The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR based on EU or EU Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the User.
22. ERASURE OF USERS’ PERSONAL INFORMATION AS PER THE GDPR:
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that do fall under the jurisdiction of the GDPR, we make sure to be compliant with the requirements thereof.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. You have the right to request that the Company erases the Personal Information it holds about them in the following circumstances:
a) It is no longer necessary for the Company to hold that Personal Information with respect to the purpose(s) for which it was originally collected or processed.
b) The User wishes to withdraw their consent to the Company holding and processing their Personal Information.
c) The User objects to the Company holding and processing their Personal Information (and there is no overriding legitimate interest to allow the Company to continue doing so).
d) The Personal Information has been processed unlawfully.
e) The Personal Information needs to be erased in order for the Company to comply with a particular legal obligation
Unless the Company has reasonable grounds to refuse to erase Personal Information, all requests for erasure shall be complied with, and the User informed of the erasure, within one month of receipt of the User’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the User shall be informed. In the event that any Personal Information that is to be erased in response to a User’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
23. RECTIFICATION OF USERS’ DATA AS PER THE GDPR:
Royale Society Hospitality is based in the United States. We make no claims that the Web Site or any of its content is accessible or appropriate outside of the United States. If you access the Web Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that do fall under the jurisdiction of the GDPR, we make sure to be compliant with the requirements thereof.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. You have the right to request that the Company rectify the Personal Information it holds about them in the following circumstances:
a) Users have the right to require the Company to rectify any of their Personal Information that is inaccurate or incomplete.
b) The Company shall rectify the Personal Information in question, and inform the User of that rectification, within one month of the User informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the User shall be informed.
c) In the event that any affected Personal Information has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that Personal Information.
24. CONTACT US: Please contact us with any questions or comments about this Privacy Policy at:
Royale Society Hospitality, LLC
340 SE 3rd St., Apt 1905
Miami, FL 33131
+1 (773) 698-9152