NOBU HOTEL PRIVACY STATEMENT

Last Updated: March 2024

At Nobu, we take your privacy very seriously and we are committed to protecting your personal information.

This privacy statement describes how we collect, use, protect and share personal information we collect from you, or that you provide to us when you visit our hotels, use our website (https://www.nobuhotels.com/) (the “Website”) or the Nobu mobile app (the “App”) or otherwise interact with us.

If you wish to contact us regarding this privacy statement, we may be reached at [email protected].

Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

ABOUT NOBU AND THE NOBU FAMILY

The Nobu companies worldwide are described further below. This privacy statement applies to handling of personal information by each Nobu Hotel worldwide, as run by any company within the Nobu Family (“Nobu” / “we” / “our” / “us”). For purposes of data protection laws in the European Economic Area, United Kingdom and Switzerland, the data controller of your personal information is Nobu Hotel worldwide. Nobu can be contacted at:

Privacy at Nobu
Nobu Hospitality
40 West 57th St, Suite 320
New York, NY 10019

This privacy statement does not apply to the processing of your data by the operator of our mobile app to the extent that such operator is using the data for its own purposes as a data controller.

INFORMATION WE COLLECT AND PROCESS

We may collect one or more of the following categories of personal information about you when you when you (i) visit our hotels, (ii) use our Website or our App, (iii) connect to the wireless/wi-fi that may be offered at our properties (“Wi-Fi Access”), or (iv) interact with us, including through the social media channels that we control (“Social Media Channels,” collectively with Websites, Wi-Fi Access and Apps, the “Services”) that link to this Privacy Statement.

Categories of Personal Information Collected

Types of Personal Information Collected

Source of Personal Information

Business Purpose for Collection of Personal Information

Identifiers

Your name, address, phone number, email address,

details, details of any allergies and dietary requirements (including any dietary or access assistance requirements you may provide).

Information you give us, your reservation details, your profile details, information from third parties, including social media, delivery or reservation providers, cookies and other online tracking technologies.

To process any reservations or bookings for private events, to collect payments, and provide our services, for legal and/or regulatory requirements.

Financial Information

Your name, bank details, credit card and/or debit card details.

Information you give us, your reservation details, your profile details, information from third parties, including delivery or reservation providers.

To provide you with our services, to collect payments, and for legal and/or regulatory requirements.

Internet, Computer, or Other Similar Networking

Technical information, including the type of device (and its unique device identifier) you use to access the Online Services, the Internet protocol (IP) address used to connect your device to the Internet, your unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, your device and component serial numbers, your login information, browser type and version, time zone setting, browser plug in types and versions, operating systems, mobile network information and platform and details of any referring website or application; and Information about your visit to the Online Services including full Uniform Resource Locators (URL), clickstream to, through and from the Online Services (including date and time), pages you viewed, page response time, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information you give to us or that is collected automatically through our cookies or other tracking technologies.

To provide you with our services, to enhance our Online Services, for legal and/or regulatory requirements.

RATIONALE FOR PROCESSING PERSONAL INFORMATION

We process personal information as necessary for us:

  • To provide our services to our customers;
  • To fulfill our legitimate interests, including to allow us to understand our customers better, ensure our offerings are updated and relevant, and to develop our business and inform our marketing strategy;
  • To inform you of our Services and other relevant information; and
  • For other purposes with notice to you and with you consent, where necessary.

To the extent we rely on our legitimate interests as a legal basis for processing personal information, we have considered the balance between our own interests (among other things, the lawful and efficient operation of our Services) and your interests and we believe that (i) you would reasonably expect us to carry out the kind of processing referenced above and (ii) such processing will not cause you any harm and/or will not seriously impact your rights and freedoms with regards to data privacy. At times, we may also collect your personal information where we have your consent to do so or as otherwise necessary for the performance of a contract to which you are a party, and in order to take steps (at your request) to enter into such contract. You have the right to withdraw any consent given to us for the processing of your personal information at any time. We may also collect your personal information as necessary for us to comply with our legal obligations, including to protect your vital interests or those of another.

COOKIES AND OTHER ONLINE TRACKING TECHNOLOGIES

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user and a “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity, which are also sometimes referred to as pixels and tags.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the Website and the Online They include, for example, cookies that enable you to log into the Online Services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. They also enable us to see how users use the Online This helps us to improve the way the Website and the Online Services work.
  • Functionality cookies. These are used to recognize you when you return to the Online Services. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to the Website or the Online Services, the pages you have visited and the links you We will use this information to make the website and the advertising displayed on it more relevant to your interests.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Type of Use How it’s used
PHPSESS ID Strictly necessary Created by backend PHP language to keep track of information traveling between pages. It is a random generated number. It does not keep any specific information of the user (https://cookiepedia.co.uk/cookies/PHPSESSID)
  cfduid Strictly necessary Set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. (https://support.cloudflare.com/hc/en-us/articles/200170156-What- does-the-CloudFlare-cfduid-cookie-do-)
_ga &

_gid

Analytical/perform ance cookies Google Analytics. In order for Google Analytics to determine that two distinct hits belong to the same user, a unique identifier, associated with that particular user, must be sent with each hit. (https://developers.google.com/analytics/devguides/collection/anal yticsjs/cookies-user-id)

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Online Services.

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.

MARKETING AND YOUR CHOICES

We will, if you have given us your consent and in line with your choices, provide you with information by post, telephone, email and SMS, which may be of interest to you in respect of the Nobu hotels.

We will only provide you with marketing communications if you would like us to. You will have the opportunity to clearly set out whether you wish to receive marketing messages from us by ticking the relevant boxes.

PERSONAL INFORMATION OF CHILDREN

We do not knowingly collect information from children under the age of 13 through our Website or App. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s internet usage to help enforce this Privacy Statement by instructing their children never to provide us personal information. If you become aware that your child or any child under your care has provided us with information without your consent, please email us at [email protected] and we will endeavor to delete that personal information from our databases

DISCLOSURE OF YOUR PERSONAL INFORMATION

We do not sell your personal information.

We may share your personal information with selected third parties in accordance with this privacy statement, with the following categories of recipients:

  • Our business partners, including our partners within the Nobu Family, social media companies (if you use your account with them to sign up or sign in with us); professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • In the event of an acquisition or merger, with third parties, who acquire us or substantially all of our assets, in which case your personal information (including any sensitive personal information) will be one of the transferred assets (however, we will let you know before this happens).
  • Our service providers (for example, IT services or CRM services); suppliers and sub-contractors for the performance of any contract we enter into with you or for marketing communications; and other vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, carrying out research and analysis, and personalizing individual Nobu customer experiences; and with analytics and search engine providers that assist us in the improvement and optimization of the Website and the Online
  • Legal & Regulatory Authorities, including government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information).

WHERE WE STORE YOUR PERSONAL INFORMATION

We may transfer your personal information to a jurisdiction other than the one from which we collected your personal information, including to countries that may not have the same level of protections for your personal information. By using our Website, App and/or Services, you agree to the transfer of your personal information to other jurisdictions.

INFORMATION SECURITY

We are committed to taking appropriate measures designed to keep your personal information secure. Our technical and organizational procedures are designed to protect your personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be 100% secure. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorized access or inadvertent disclosure.

Where we have given you (or where you have chosen) a password which enables you to access the Online Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

RETAINING PERSONAL INFORMATION

We will only keep your information for the length of time needed to carry out the purposes outlined in this privacy statement and for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Even if you request that we erase your data, we may still need to keep it (please see below) or may keep it in a form that does not identify you.

If you have not agreed that we may use your personal information for marketing purposes, we will keep it for a period of 6 years after you have attended one of our hotels or last used the Online Services, whichever is longer.

YOUR CHOICES & RIGHTS

Depending upon where you reside, certain choices and rights may be available to you under applicable data protection laws. If you have questions about what rights may apply to you, please contact us at [email protected].

Do Not Track: Our websites and apps are not designed to respond to “do not track” requests from browsers.

“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.

California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and storage of their personal information.

Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:

  1. The categories of personal information we have collected about
  2. The categories of sources for the personal information we have collected about
  3. The specific pieces of personal information we have collected about
  4. Our business or commercial purpose for collecting or selling your personal
  5. The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have shared with each third-party recipient.

Your Right to Opt-Out of Sale or Sharing of Personal Information: Under the CCPA, as amended by the CPRA, California residents have the right to opt-out of the sale of their personal information and/or the sharing of personal information with third parties for the purposes of cross-contextual behavioral advertising or profiling by submitting a request. Please note that we do not sell personal information, including the personal information of any individuals under the age of 16, nor do we share any personal information for the purposes of cross-contextual behavioral advertising.

Your Right to Limit Use of Sensitive Personal Information: California residents have the right to request that we limit our use of any sensitive personal information to those uses, which are necessary to perform the Services or for other business purposes under the CCPA, as amended by the CPRA.

Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, as amended by the CPRA, we will delete, and direct our third-party service provides to delete, your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA, as amended by the CPRA.

Your Right to Correct: Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.

Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA, as amended by the CPRA.

For Individuals Located in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland:

You have a number of rights under applicable data protection laws in relation to your personal information. Under certain circumstances, you have the right to:

  • Have access to your personal information by submitting a request to us;
  • Have your personal information deleted;
  • Have your personal information corrected if it is wrong;
  • Have the processing of your personal information restricted;
  • Object to further processing of your personal information, including to object to marketing from us;
  • Make a data portability request;
  • Withdraw any consent you have provided to us;
  • Restrict any automatic processing of your personal information; and
  • Complain to the appropriate Supervisory

Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

THIRD-PARTY LINKS

We may provide links to other websites or resources provided by third parties. These links are provided for your convenience only. We have no control over the contents of those websites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any third-party links on the Website or App, you do so entirely at your own risk and subject to the terms and conditions of those websites.

CHANGES TO THIS PRIVACY STATEMENT

This Privacy Statement is effective as of the date stated at the top of this Privacy Statement. We may change this Privacy Statement from time to time. By accessing and using the Website, App and Services after we notify you of such changes to this Privacy Statement, you are deemed to have accepted such changes. Please refer back to this Privacy Statement on a regular basis.

HOW TO CONTACT US

Questions, comments and requests regarding our privacy statement are welcome and should be addressed to:

Privacy at Nobu
Nobu Hospitality
40 West 57th St, Suite 320
New York, NY 10019
[email protected]

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal information which you have provided to us or if you believe our records relating to your personal information are incorrect. If you are located in the United Kingdom or European Economic Area and believe we have not adequately resolved any issues, you may contact the Supervisory Authority concerned.

DOWNLOAD HERE.