Tech & Sourcing @ Morgan Lewis


The hospitality industry is particularly focused on data analytics and is the recipient of a large volume of end user data. To follow up on the privacy policy topic we discussed in the previous post in this series, we reviewed a hotel’s privacy policy to highlight several concepts that work together to establish broad use and disclosure rights. These concepts include the following:

  • Information may be collected from clients directly in the course of business, including via personal contact and social media, and may also be collected from third-party partners.
  • Information regarding an individual that has been collected directly or via third parties, as well as information that is inferred by the hotel based on such collected information, may be combined to create an aggregate dataset regarding the individual and shared with others (consistent with the privacy policy). Such information may be expressly used for a long list of permitted purposes, and, more generally, may be aggregated with data from third-party sources for data hygiene and analytics.
  • Information may be shared with the hotel’s business partners to enable them to provide products or services to the end user.
  • When visiting the hotel’s website, cookies and other technologies may be used to track an individual’s visit to the website as well as any other website.
  • Information that does not personally identify an individual (including aggregated and anonymized personal information) may be used or disclosed for any purpose.

As you can see, this company has designed its privacy policy in a manner that is designed to preserve broad and flexible use and disclosure rights, including conducting data analytics, regarding the information it collects.