Grand Sierra Resort and Casino

Privacy Policy

Effective and Last Updated: Wednesday, July 01, 2020

Click on any of the links below to access a specific section of this Privacy Policy:

Introduction

We at the Grand Sierra Resort recognize that privacy is important. This Privacy Policy explains our practices regarding Personal Information that we collect from you or about you during our interactions with you, whether online or offline. What we mean when we refer to “Personal Information” is explained in the Information We Collect section of this Privacy Policy.

We collect your Personal Information through:

  • this website
  • our mobile applications
  • through written or verbal communications or interactions with us, including email and other electronic submissions
  • when you visit our hotel, casino, or our property, including independently owned or operated venues within them (collectively, the “Resort”),
  • your participation in our loyalty, rewards, players club, or similar programs (collectively “Guest Programs”)
  • your participation in our marketing events, contests, promotions, or customer surveys (collectively, “Promotional Events”)
  • interaction with third parties such as marketing partners with whom we have marketing relationships with or service providers who assist us in performing core services such as reservations, billing, data storage, security, credit card processing, credit reporting, customer service, customer relations, and communications management, and property management
  • through other sources such as our advertising and applications on third-party websites or services

The sources or points of collection of Personal Information described above are referred to together in this Privacy Policy as “Touch Points.”

Note: This Privacy Policy applies to our processing of Personal Information on behalf of and subject to the instructions of third parties such as airlines, car rental companies, companies that organize or offer packaged travel arrangements, marketing partners, other service providers, or corporate customers.

Your Acknowledgment

Please read this Privacy Policy carefully to understand our practices regarding your Personal Information. If you do not agree with our practices, your choices are either (1) not to use, access, visit, or participate in our Touch Points or (2) limit the Personal Information you provide. However, if you choose not to provide certain Personal Information, you may not be able to participate in a particular activity, realize a benefit we may offer, or access or receive certain content, functionalities, events, or services because the information is required for those matters.

BY USING, ACCESSING, OR VISITING ANY TOUCH POINTS OR BY AGREEING TO THIS PRIVACY POLICY WHEN YOU REGISTER TO USE, ACCESS OR VISIT ANY TOUCH POINTS, YOU ACKNOWLEDGE THAT WE MAY COLLECT, STORE, USE, AND SHARE YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.

This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our website or any of the other Touch Points after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

Special Notices for EEA Residents and California Residents

Local laws regarding privacy vary. Some jurisdictions place restrictions on our collection, processing, and use of Personal Information or provide additional rights to residents of those jurisdictions. Our practices with respect to residents of those jurisdictions may be more limited and the rights of those residents may be broader than those described in this Privacy Policy.

If you are a resident of the European Economic Area (EEA), please see Appendix A – EEU GDPR Privacy Notice for additional information regarding our use of your Personal Information and your rights.

If you are a resident of the State of California, please see Appendix B – California CCPA Privacy Notice for additional information regarding our use of your Personal Information and your rights. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/ccpa.

Information We Collect

We collect various types of information from and about you, including Personal Information.

Personal Information” is

  • Information that can be used to identify you, your household, or any of your devices that connect to the internet or to other devices (those devices are referred to collectively in this Privacy Policy as “Smart Devices” and as an example, include computers, smartphones, and tablets)
  • Information that on its own may not be able to identify you, your household, or your Smart Devices but when combined with another piece of information could identify, trace, or locate you. For example, your age alone may not identify you personally but when combined with your name it can be used to identify you.

By way of example only, Personal Information includes:

  • Information such as your name, postal or residence address, telephone number, email, internet protocol address, or any other identifier by which you may be identified or by which you may be contacted online or offline
  • Information such as your signature, social security number, driver’s license or state identification card number, passport number, physical description (e.g., age, race, color, marital status, gender), and similar data that may be used for identification purposes
  • Information about your education, employment, financial information (e.g., bank account number, credit card number, debit card number, and credit rating), medical or health information, and insurance information
  • Information regarding your purchasing history or tendencies including information related to your reservation, your guest preferences, your stay or visit, participation in Guest Program, participation in Promotional Events, records of products or services purchased or considered, and information about vehicles you bring to our Resort.
  • Information regarding your Smart Devices and internet connections such as your internet protocol address (“IP address”), capabilities and features of your Smart Devices, including the browser type and operating systems used
  • Information about your internet or network activity such as your browsing history, search history, cookies, and web beacons, and your interaction with a website, application, advertisement, or text messaging
  • Geolocation data such as physical location and movements.
  • Biometric information such as fingerprints, faceprints, the imagery of the retina or iris, and voice recordings.

How We Collect Information

We collect information through our Touch Points as follows:

  • Directly from you when you provide it to us, including:
    • Information that you provide when logging onto our website, booking a reservation online or joining Member Programs, including filling in forms or registering through any of them
    • Information that you provide during registration/check-in at Resort or while using services such as concierge, health club and spa, Wi-Fi services, entertainment, and other activities available at or through our Resort
    • Information that you provide when participating in Promotional Events
    • Information that you provide in connection with hotel or casino credit applications
    • Information that you provide when participating in our sponsored social media activities which may include location, activities, photos, friend lists, and status updates
    • Information that you provide when managing your profile online, including information related to preferences such as airlines, room types, language, amenities, or corporate account codes
    • Information that you provide when planning an event with us, such as specifics about the event, the number of guests, and yourself or your organization
    • Information captured by closed-circuit television or other security monitoring technologies in our property
    • Information you provide in any communication with us whether verbally, in writing, or electronically
    • Information that you provide when logging onto our website using other sign-ins (for example, Facebook Connect or Google Account) or social media applications
    • Information you provide in resumes or applications for employment at our Resort
  • Automatically when you use or navigate through our website, social media apps, or Wi-Fi service. As you use or navigate through those items, automatic data collection technologies collect certain information about your equipment, browsing actions, and patterns and other activity including:
    • Information regarding your visits to our website or use of or social media apps and Wi-Fi services including traffic data, location data, logs, and other communication data and the resources that you access and use.
    • Information about your Smart Devices and internet connection, including their Internet Protocol address (“IP” address), operating system, and browser type.
    • Information about the location of your Smart Devices (“Location Data”) which may include GPS coordinates (e.g., latitude and longitude) or similar information.

Automatically-collected information is often statistical data that on its own is not able to identify you, your household, or your Smart Devices (“Non-Personal Information”). We may share Non-Personal Information in a collective (“aggregated”) and anonymous (“de-identified”) way with third parties. However, if Non-Personal Information is ever combined with other information so as to allow you, your household, or your Smart Devices to be identified, the combined information will be treated as Personal Information and used and shared as described in this Privacy Policy.

The technologies we use for automatic data collection includes the use of:

    • Log file information is automatically reported by your browser or Smart Device each time you access a web page or mobile applications and our servers automatically record some of that information (the “Server Logs”). The information in the Server Logs relates to your Smart Devices and your use of our website or mobile applications, and may include anonymous information such as your web request, IP address, operating system, browser type, referring/exit pages and URLs, the number of clicks and how you interact with links on our website, domain names, landing pages, pages viewed, and other such information. The information contained in Server Logs is used to monitor, assess, manage, diagnose problems with, improve, and otherwise administer our website and mobile applications.
    • A small file placed on the hard drive of your Smart Device called a “cookie” or “browser cookie” or “flash cookie.” You may adjust the settings on your browser or certain applications to refuse to accept cookies. However, if you select that setting, you may not be able to access certain parts of our website. Unless you have adjusted your browser settings or other application settings to refuse cookies, our system will place cookies on your Smart Device when you visit our website. While some cookies are deleted when you close your browser, others remain after you close your browsing session. For more information on managing cookies visit www.allaboutcookies.org or www.aboutads.info/choices or search further online.
    • “Clear Gifs” (also known as web beacons) are used to track your online usage pattern. We also may use Clear Gifs in HTML-based emails sent to you to track which emails are opened and which links are clicked by recipients. You can disable the ability of Clear Gifs to track certain information by setting your browser to refuse certain Cookies. The information collected allows for more accurate reporting, monitoring, and improvement of our website and mobile applications.
    • “Universally Unique Identifiers (UUID) (“Unique Identifiers”) are small data files or similar data structures stored on or associated with your Smart Devices, which uniquely identify your Smart Devices. When you access our website or mobile applications by or through a mobile device we or our third-party business partners may access, assign, collect, monitor or remotely store one or more Unique Identifiers in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A Unique Identifier may convey information to us about how you browse and use our website or mobile applications and may also be used to help you log in faster and enhance your navigation through those services.
    • Advertising Identifiers” are unique strings associated with your Smart Devices provided by the operating system.
  • From third parties, including business partners (for example, airlines and payment card providers and processors, ticketing platforms, third-party booking platforms like Expedia), social media services providers, and other third-party sources that are lawfully allowed to share your data with us.

How We Use Your Personal Information

We use Personal Information that we collect about you or that you provide to us in a number of ways, including:

  • To provide and personalize the services, products, or information you request from us. For example: facilitating hotel accommodation, spa, dining, and entertainment reservations; and processing hotel or casino credit applications
  • To administer our Member Programs
  • To respond to your requests or questions about goods or services you have purchased
  • To confirm information such as registration for a contest, promotion, or sending you updates on reservations you may have made
  • To send messages via text, email, or web apps including push notifications to keep you updated on products, services, or reservation details
  • To conduct and notify you of marketing and sales promotions and for other marketing purposes. For example: conducting sweepstakes, prize draws, and other contests and undertaking interest-based advertising and other targeted promotions
  • To conduct customer satisfaction and quality assurance surveys and market research
  • To record gaming-related activity
  • To present our website and mobile applications and their contents to you, including validating your identity, verifying and responding to communications from you, and providing customer service
  • To prevent fraud and other prohibited or illegal activities, to investigate and resolve disputes and problems, and to comply with our obligations under applicable laws and regulations.
  • To protect our guests, employees, the public, website visitors, and our property and to respond to an emergency
  • To correct issues with our IT systems and website that affect the functionality
  • To evaluate our in persona and online interactions with you
  • To maintain our accounts and fulfill transactions, such as processing payments, extending credit, advertising or marketing, or similar services
  • To verify or improve the quality or safety of services we provide
  • To administer, optimize, assess, analyze, and secure our website and its functionality
  • To cross-reference, supplement, or combine with other information that we or our service providers have acquired about you through other sources, except where prohibited by applicable law
  • For research purposes
  • For other lawful purposes
  • For marketing purposes – for example, to send you information about specials promotions or offers, new features or products (whether our or those of our partners)
  • We also use and combine Non-Personal Information for lawful purposes.

How We Share Your Information

We may share your Personal Information with any third parties for any lawful purpose.

Unless otherwise prohibited by law, we may share Personal Information about you with the following types of third parties and for the following purposes:

  • Affiliated Companies: We may share your Personal Information with other companies affiliated or under common ownership with us, for example, other casinos, hotels, restaurants and other business ventures that are licensed, owned, operated, and/or managed by us or our related companies, who may use Personal Information for any of the purposes disclosed in or consistent with the terms of this Privacy Policy (including those identified in How We Use Your Information.)
  • Marketing Partners: We may share your Personal Information with our promotional partners and other business partners with whom we have marketing or other relationships for joint marketing purposes or the partners’ own marketing purposes.
  • Property Partners: We may share your information with independently owned or operated venues at or related to our Resort who may use your Personal Information to provide you with services at or related to those venues.
  • Service Providers: We may share your Personal with our service providers who assist us by performing core services (such as reservations, hosting, billing, fulfillment, data storage, security, processing credit card payments, customer service, credit reporting, property management, customer relationship management, “know-your-customer,” accounting, auditing, processing insurance claims, investigating accident reports, administering sweepstakes, surveys, email and mailing services, and delivering packages) related to the operation of our Resort, the provision of services at the Resort, the operation of our website and mobile applications, the processing and fulfillment of reservations or product orders, or by making certain website or mobile applications functionality available to our users.
  • Transactions: In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, bankruptcy, reorganization, or liquidation of our business, we may transfer, sell or assign to third parties information concerning your relationship with us, including, your Personal Information and other information concerning your relationship with us. Any successor may use your information for the same purposes set forth in this Privacy Policy.
  • Legal: We may use your information to identify you and, where permitted or required by law, we will provide any information about or relating to you, including any Personal Information about you, to third parties without your consent if we reasonably believe that the action is necessary to: (a) comply with a court order, subpoena or other legal or regulatory requirements; (b) fulfill a government request for information; (c) protect or defend our legal rights or property, our Resort, our website or mobile applications, or other guests and online users; (d) respond to claims that any posting or other content of our website or mobile applications violates the rights of third parties, including providing information necessary to satisfy the notice and counter-notice procedures pursuant to the Digital Millennium Copyright Act; (e) in an emergency, to protect the health and safety of users of our website or mobile applications, our guests and visitors, or the general public; or (f) enforce compliance with our Terms of Use or other contracts. We will not disclose the amount of your specific gaming winnings or gaming losses to any third party unless required by applicable law, regulation, court order, or subpoena.
  • Other Purposes: We may share your Personal Information to fulfill the purpose for which you provided it and, with your consent, for any other purpose.

How We Protect Your Information

We will take reasonable measures to (a) protect Personal Information from unauthorized access, disclosure, alteration or destruction, and (b) keep Personal Information accurate and up-to-date as appropriate.

We maintain a PCI compliance program and an IT compliance program.

Unfortunately, despite the efforts described above, no security system or system of transmitting data over the Internet or electronically is guaranteed to be entirely secure.  We cannot and do not guarantee the security of any information you disclose or transmit to us via the Internet or by other electronic means, and are not responsible for the theft, destruction, or inadvertent disclosure of your Personal Information.

For your own privacy protection, we recommend that you do not include any particularly sensitive Personal Information such as passwords, social security numbers, credit card details, or bank account information, in any emails that you send to us. We will not contact you by email or text message to ask for that information.

If a data breach occurs, we will notify regulators or consumers as required by applicable laws or regulations.

How Long We Keep Your Information

We keep Personal Information about you for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by applicable law.

Generally: (a) we keep Personal Information collected related to guest reservations for seven years after the stay is completed, and (b) we retain other Personal Information for shorter periods of time if possible and if permitted by law.

We will destroy your Personal Information as early as practicable and in a way that the information may not be restored or reconstructed.

Changing and Accessing Your Personal Information

If you have registered on the Website, or are a member of our Guest Programs, you can log in to your account to change or update certain information and preferences to keep your data accurate, complete, and up-to-date.  You may also contact us as described in the Contact Information section to update or correct certain Personal Information.

We will respond to your request and, if applicable and appropriate, make the requested change in our active databases within a reasonable timeframe. Please remember that we may not be able to fulfill certain requests while allowing you access to certain benefits and features. Even if you unsubscribe from our marketing communications, you may continue to receive certain communications from us, such as transactional, customer service, or other relationship messages, messages about your account and profile, and emails in response to communications or requests for information that we receive from you.

Please also note that we may not be able to remove your Personal Information from the databases of third parties to whom we already provided your Personal Information as of the date of your opt-out request.

Your Choices Regarding Marketing Communications

If you have provided us with your contact information (and consent where required), we may contact you for marketing purposes such as sharing information about our services or inviting you to events or to participate in special promotions.  Those communications may be through postal mail, email, text messages, social media, mobile applications, and alerts, or other means.

We may provide you with options to set your preferences for receiving email communications from us; that is, you can agree to receive some communications but not others. At any time, you may also opt-out of receiving future commercial emails from us by following the “Unsubscribe” instructions contained in the commercial emails that you receive from us. You may also contact us as described in the Contact Information section of this Privacy Policy if you want to opt-out from receiving future marketing emails or correspondence.

If you are a Guest Program member, you may change the communications you receive from us by logging on to your Guest Program account and making the changes to your preferences or contact us as described in the Contact Information section of this Privacy Policy.

You can opt-out of receiving our marketing emails. To stop receiving our promotional emails, follow the instructions in any marketing email you get from us. You can also change your preferences in your account. It may take about ten days to process your request. Even if you opt-out of getting marketing emails, we will still be sure to send you transactional messages. For example, we may still contact you about your reservations or purchases.

You can modify the information you have given us. To correct or delete information or update account settings, log into your account, and follow the instructions. We make changes as soon as we can. This information may stay in our backup files. If we cannot make the changes you want, we will let you know and explain why. If you contact us requesting access to your information, we will respond within a reasonable period of time.

You can control cookies and tracking tools on your mobile device or web browser. For example, you can turn off the GPS locator or push notifications on your device.  Visit the help page of your device or browser for more information on how to control your privacy preferences.

Children’s Privacy

Our Website is not intended for persons under the age of 21. No one under age 21 may provide any Personal Information on the Website. In addition, we do not knowingly collect Personal Information from children under 18. If you are under 18, do not use or provide any information on this Website. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us. A parent or guardian of a child under the age of 18 may request the deletion of the child’s Personal Information.

Links From Our Website and Use of Our Internet Services

Our Website may contain links to other sites and resources provided by third parties, including links contained in banner advertisements and sponsored links.  Those links are provided for your convenience only.

If you decide to access any of the third-party websites linked to our Website, please note:

  • Your access to those sites is entirely at your own risk and subject to the terms and conditions of use for those websites.
  • We do not control the contents of those sites or resources, and will not be responsible for them or for any loss or damage that may arise from your use of them.
  • We are not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by those third parties. If you provide information on and use third-party sites, the privacy policy and terms of service on those sites are applicable. We encourage you to read the privacy policies of websites that you visit before submitting Personal Information.

We may also offer internet access to guests of our Resort through a third-party Internet provider. Your use of that internet service is subject to the internet provider’s terms of use and privacy policy. You may access those terms and policies using the links on the internet service sign-in page, or by visiting the internet provider’s website.

Changes to Our Privacy Policy

We may amend this Privacy Policy at our discretion and at any time. We will post the updated Privacy Policy on this website and update the Privacy Policy’s effective and last updated date. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information, your choices and rights regarding that use, or wish to exercise your rights over your Personal Information, please contact us as follows:

    • Through our website
    • By email: Privacy@GrandSierraResort.com
    • By postal mail at the following address:
      Grand Sierra Resort and Casino
      Attn: Marketing Department – Privacy
      2500 E 2nd St
      Reno, NV 89595
      United States
    • By Toll-Free Phone (USA Only): 800-501-2651

    APPENDIX A – EEU GDPR Privacy Notice (“GDPR Notice“)

    OUR COMPLIANCE WITH ARTICLE 26 OF THE EUROPEAN UNION’S DATA PROTECTION DIRECTIVE (DIRECTIVE 95/46/EC, 1995 O.J. (L281) 31) ALSO KNOWN AS THE EU GENERAL DATA PROTECTION REGULATION (“GDPR”) IS VOLUNTARY.  WE DO NOT CONSENT OR SUBMIT TO THE JURISDICTION OF THE EUROPEAN UNION FOR ANY PURPOSE OR MATTER OF ANY KIND OR WAIVE ANY RIGHTS OR DEFENSES IN LAW OR EQUITY WITH RESPECT THERETO.

    Our website, mobile applications, and the services or products available through them are targeted primarily, but not exclusively for, users in the United States of America. Any information you enter on our website or mobile applications is transferred outside of the European Union to the United States of America which does not offer an equivalent level of protection to that required in the European Union.

    The United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. Article26 of the European Union’s Data Protection Directive (Directive 95/46/EC, 1995 O.J. (L281) 31) also known as the EU General Data Protection Regulation (“GDPR”)  allows for the transfer of personal data from the European Union to a third country if the individual has unambiguously given his consent to the transfer of Personal Data, regardless of the third country’s level of protection.

    BY USING OUR WEBSITE, OUR MOBILE APPLICATIONS, OR OUR SERVICES, YOU CONSENT TO THE TRANSFER OF ALL PERSONAL DATA TO THE UNITED STATES OF AMERICA WHICH MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION TO THAT REQUIRED IN THE EUROPEAN UNION AND TO THE PROCESSING OF THAT INFORMATION BY US ON OUR SERVERS LOCATED IN THE UNITED STATES OF AMERICA AS DESCRIBED IN THIS PRIVACY POLICY.

    Your Data Protection Rights Under the GDPR

    If you are a resident of the European Economic Area (EEA), the GDPR provides you with certain data protection rights. GSR aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.  When used in this GDPR Notice, the term “Personal Data” means collectively, Personal Information, Unique Identifiers, Advertising Identifiers, and Location Data which you have provided to us or has otherwise been collected by us when you use or otherwise access our Touch Points.

    Under the GDPR you have certain data protection rights which are summarized in this Appendix A.  Some of the rights are complex, and not all of the details are included in our summaries. Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

    Your principal rights under data protection law are:

    • You may access, update, rectify, or delete your Personal Data
    • You may restrict the processing of your Personal Data:
    • You may request that we cease processing of your Personal Data
      • For marketing activities
      • For statistical purposes
      • Where the processing is based on our legitimate business interests, unless demonstrating a compelling legitimate business basis for the processing or we need to process your Personal Data to establish, exercise, or defend a legal claim or comply with the law
    • You may request a copy of the information we have on you in a structured, machine-readable, and commonly used format (“Data Portability”)
    • You may withdraw your consent at any time where we relied on your consent to process your Personal Data

    Please note that we may ask you to verify your identity before responding to requests in exercising your rights.

    You also have the right to complain to a Data Protection Authority (as defined in the GDPR) about our collection and use of your Personal Data. For more information, please contact your local data protection authority in EEA.

    Our legal basis for collecting and using your Personal Data depends on the Personal Data we collect and the specific context in which we collect it.  We may process your Personal Data because:

    • We need to perform a contract with you or fulfill services for you
    • You have given us permission to do so
    • The processing is in our legitimate interests and it’s not overridden by your rights
    • To comply with the law

    If you wish to be informed of what Personal Data we hold about you or if you want to exercise any of your rights under the GDPR, please contact us by following the procedures described in the Contact Information section of this Privacy Policy.

    APPENDIX B – California CCPA Privacy Notice

    This California CCPA Privacy Notice (“CCPA Notice”) supplements the information contained in our Privacy Policy and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). This CCPA Notice is provided in compliance with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.  Any terms defined in the CCPA have the same meaning when used in this CCPA Notice.

    Information We Collect

    California Consumer Privacy Act.  If you are a California resident, you have specific privacy rights governed by the California Consumer Privacy Act (CCPA).  These rights include:

    Disclosure.  You have the right to request a report showing the personal information collected, shared, and sold about you in the past 12 months.

    Opt-Out. You have the right to opt-out to the sale of your personal information to third parties.

    Deletion. You have the right to request that we delete any personal information collected from you.

    Non-Discrimination. We shall not discriminate against you based on your exercise of any of the above rights.

    You may submit a request to enact any of the above rights by contacting us as described in the Contact Information section of this Privacy Policy. We may require additional information to verify your identity before responding to a CCPA rights request.  We will respond to your request within 45 days if possible and required under the law.

    Personal Information Collected on California Residents:

    • Names and Aliases
    • Physical Address
    • Phone Number
    • E-Mail Address
    • IP Address
    • Unique Identifiers
    • Interactions with Customer Service
    • Information about transactions made on our services
    • Fan Preferences and Attributes
    • Cookies/Web Beacons – We use tracking tools like browser cookies and web beacons. To learn more about these tools please refer to the APPENDIX C – Declaration of Cookies Utilized section of this Privacy Policy
    • Device Attributes

    Personal Information Disclosed for a Business Purpose or Sold About California Residents:

    Category Examples Collected Sold
    A. Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes No
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. Yes No
    C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Yes No
    D. Commercial information. Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes No
    E. Biometric information. Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Yes No
    F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Yes No
    G. Geolocation data. Physical location or movements. Yes No
    H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. Yes No
    I. Professional or employment-related information. Current or past job history or performance evaluations. Yes No
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R .Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalfs, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes No
    K. Inferences that are drawn from other Personal Information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes No
    L. Personal Information does not include: Publicly available information from government records; De-identified or aggregated consumer information; Information excluded from the CCPA’s scope, like Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. Yes No

    We obtain the categories of Personal Information listed above from the following categories of sources:

    • Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
    • Indirectly from our clients or their agents. For example, through information, we collect from our clients in the course of providing services to them.
    • Directly and indirectly from the activity on our website (www.grandsierraresort.com). For example, from submissions through our website portal or website usage details collected automatically.
    • From third-parties that interact with us in connection with the services we perform. For example, from government agencies when we prepare readiness assessments for projects that receive government funding.
    • Self-disclosed (e.g. Information provided when interacting with our products and services)
    • Business partners (e.g. Analytics companies, promoters, artists, fan clubs, sports teams, venue owners, etc.)
    • Data brokers (e.g. Marketing companies, advertising partners, etc.)
    • Technical service providers (e.g. Cloud service providers)

    Business or Commercial Purposes for Collecting or Selling Personal Information about California Residents:

    • Providing products and services
    • Event management
    • Market research and aggregated analytics
    • To prevent, detect, and manage unlawful behavior
    • Marketing
    • Client services
    • Staff administration

    Third Parties with Whom we Share Personal Information:

    • Business partners (e.g. Analytics companies, promoters, artists, fan clubs, sports teams, venue owners, etc.)
    • Data brokers (e.g. Marketing companies, advertising partners, etc.)
    • Technical service providers (e.g. Cloud service providers)

    Do Not Track. Our websites and apps are not designed to respond to “do not track” requests from browsers.

    Our sites and apps are not intended for children.

    Our sites and apps are meant for adults. We do not knowingly collect personal information from children under 13. If you are a parent or legal guardian and think your child under 13 has given us information, you can email us here. You can also write to us at the address listed at the end of this policy. Please mark your inquiries “COPPA Information Request.”

    Use of Personal Information

    We may use or disclose the Personal Information we collect for one or more of the following business purposes:

    • To fulfill or meet the reason for which the information is provided. For example, if you provide us with Personal Information in order for us to prepare a tax return, we will use that information to prepare the return and submit it to the applicable taxing authorities.
    • To provide you with information, products, or services that you request from us.
    • To provide you with email alerts, event registrations, and other notices concerning our products or services, or events or news, that may be of interest to you.
    • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
    • To improve our website and present its contents to you.
    • For testing, research, analysis, and product development.
    • As necessary or appropriate to protect the rights, property, or safety of us, our clients, or others. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
    • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.

    We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

    Sharing Personal Information

    We may share or disclose your Personal Information to a third party for a business purpose or sell your Personal Information subject to your right to opt-out of those sales (See Deletion Request Rights section of this CCPA Notice). When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the Personal Information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.

    Disclosures of Personal Information for a Business Purpose

    We disclose your Personal Information for a business purpose to the following categories of third parties:

    • Our affiliates.
    • Service providers.
    • Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with products or services we provide to you.

    In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

    Category A: Identifiers
    Category B: California Consumer Records Personal Information categories
    Category C: Protected classifications characteristics under California or federal law
    Category I: Professional or employment-related information

    Sales of Personal Information

    In the preceding twelve (12) months, we have not sold Personal Information.

    Your Rights and Choices

    The CCPA provides California resident consumers with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

    Access to Specific Information and Data Portability Rights

    You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

    • The categories of Personal Information we collected about you.
    • The categories of sources for the Personal Information we collected about you.
    • Our business or commercial purpose for collecting or selling that Personal Information.
    • The categories of third parties with whom we share that Personal Information.
    • The specific pieces of Personal Information we collected about you (also called a data portability request).
    • If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
      • sales, identifying the Personal Information categories that each category of recipient purchased; and
      • disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

    Deletion Request Rights

    You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

    We may deny a deletion request if we cannot verify that the consumer making the request is the consumer about whom we have collected information or is a person authorized by the consumer to act on that consumer’s behalf.

    We may also deny your deletion request if retaining the information is necessary for us or our service providers to:

    • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
    • Debug products to identify and repair errors that impair existing intended functionality
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.)
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
    • Comply with a legal obligation
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it

    Exercising Access, Data Portability, and Deletion Rights

    To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by may submit a request to us by visiting our web page and sending us a message or by any of the other methods described in the Contact Information section of this CCPA Notice.

    Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

    You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

    Response Timing and Format

    We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Personal Information Sales Opt-Out and Opt-In Rights

    If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). We do not sell the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and less than 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.

    To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting our web page and sending us a message.

    Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back into Personal Information sales at any time by visiting our website and sending us a message.

    We will only use Personal Information provided in an opt-out request to review and comply with the request.

    Non-Discrimination

    We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

    • Deny to you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value to our business and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

    California’s “Shine the Light” law (Civil Code § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send us an electronic message through our website or write us at our address listed on our webpage.

    Changes to this CCPA Notice

    We reserve the right to amend this CCPA Notice at our discretion and at any time. When we make changes to this CCPA Notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of those changes.

    Contact Information

    If you have any questions or comments about this CCPA Notice, our Privacy Policy, the ways in which we collect and use your information, your choices and rights regarding that use, or wish to exercise your rights under California law, please contact us as described in the Contact Information section of this Privacy Policy.

    APPENDIX C – Declaration of Cookies Utilized