Privacy Policy

Privacy Policy For Makr Hospitality, LLC DBA Appellation Hotels

Appellation Hotels

PRIVACY Policy

1. Policy Effectiveness

Effective as of March 26, 2025 and last updated as of March 26, 2025.

2. Your Privacy Is Important To Us

This is the privacy policy of Makr Hospitality, LLC, a Delaware limited liability company doing business as Appellation Hotels (collectively, the "Company", "we", "us", or "our"). We take your privacy seriously and this Privacy Policy contains important information as to our information and data privacy practices, meaning the Personal Data (as defined below) that we collect, use, share, disclose, and keep, along with your rights and how to exercise them. This Privacy Policy is meant to comply with both the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CPRA", collectively, the "CCPA") and European Union General Data Protection Regulation (the "GDPR"), along with other applicable laws.

3. Terms of Use Policy

By using or accessing our Services (as defined below) in any form or manner, you are also agreeing to be bound by our Terms of Use Policy (the "Terms of Use), which can be accessed here: [link to terms of use]. If you do not agree to the terms therein or herein, please cease your use and access to our Services.

4. Personal Information We Collect About You

A. Important Definitions.

"personal information" under the CCPA generally means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This includes, but is not limited to, names, contact details, government-issued identification numbers, financial account information, purchase and transaction history, internet and browsing activity, geolocation data, employment and professional details, and inferences drawn from personal preferences and behaviors.

"sensitive personal information" under the CCPA generally includes Personal Information that reveals a consumer’s Social Security number, driver’s license, state identification card, or passport number; a consumer’s financial account information in combination with access credentials; precise geolocation data; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, or text messages unless the business is the intended recipient; biometric data used for identification; health information; and data concerning a consumer’s sex life or sexual orientation.

"personal data" under the GDPR generally means any information relating to an identified or identifiable natural person (a "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"special categories of data" under the GDPR generally means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a person, health-related data, and data concerning a person’s sex life or sexual orientation. The processing of these special categories of data is prohibited unless an exception applies, such as the data subject providing explicit consent or the processing being necessary for specific legal, medical, or public interest purposes.

"Personal Data" as used in this Privacy Policy, unless specifically referencing a CCPA or GDPR term, is meant to encapsulate the definitions of Personal Information, Sensitive Personal Information, Personal Data, and Special Categories of Data listed above and generally referring to any information that allows us to personally identify you, locate you, or contact you.

B. The Personal Information We Collect; Personal Information Disclosed By You. The Personal Data that we collect from you may include, but is not limited to:

  • Your full name (along with any aliases);
  • Contact information (phone number, email address, mailing address, etc.);
  • Date of birth and age;
  • Payment information (such as debit/credit card numbers, billing address, security codes; etc.);
  • Government issued identification information (passport, driver's license, state ID card, etc.);
  • Account details (login, password, recovery email);
  • Transaction history with the Company (previous bookings, reservations, purchases, etc.);
  • Loyalty or rewards program details (such as membership term, reward points, etc.);
  • Guest preferences (room preferences, food preferences, dietary restrictions, health concerns, etc.);
  • Emergency contact information (name, contact information, etc.);
  • Previous employment and education information (when applying for employment with us);
  • IP address and device identifiers (when using online services or Wi-Fi offered by the Company);
  • Online interactions (website visitor data, chatbot inquiries, mobile app usage, etc.); and
  • Travel details (flight information, travel arrangements, expected check-in and check-out times).

Generally, Personal Data is requested from you when you request a specific good or service from us and we will only request the Personal Data needed from you to comply with your request for the goods and services that we offer. The extent to which you provide your Personal Data is determined and controlled by you in your sole discretion, and the Personal Data we collect may include other information you voluntarily provide.

5. How We Collect Your Personal Information

We collect Personal Data in a variety of ways in order to provide with you with a variety of hospitality related goods and services, potentially including, though not limited to, hotel accommodations, casual and fine dining, wine tasting and tours, private event hosting, catering services, spa services, and other concierge arrangements accessible via our website, mobile applications, social media platforms, in-person, and authorized third-party booking platforms (collectively, the "Services"). We collect Personal Data from a variety of categories of sources, which includes, but is not limited to:

A. You Directly. We collect Personal Data when you voluntarily provide it to us, including, but not limited to, when you:

  • Create an account in connection with the Services;
  • Enroll in any loyalty or rewards programs offered by us;
  • Fill out online forms;
  • Sign up for newsletters and other promotional materials;
  • Communicate with our customer service or other staff, whether in person, online, telephone, etc.;
  • Provide your room preferences, food preferences, dietary restrictions, health concerns, etc.; or
  • Provide payment details and information.

B. Automatic Collection. We collect Personal Data automatically when you interact with our Services, specifically our website, mobile applications, or other digital services, including, but not limited to:

  • Device and usage information, which may include IP address, device identifiers, browser type, and other technical details;
  • Cookies and other similar tracking technologies, which are generally pieces of information stored directly on your device from our Services which may personalize your experience, improve our Services and their reliability on your device, and assist in web traffic and other analysis; or
  • Wifi and geolocation data, when you use our Services which may improve connectivity, security, and personalized services.

Please also note that we do not respond to web browsers' "Do Not Track" ("DNT") signals or other mechanisms that enable individuals to exercise choice regarding the collection of such information, unless specifically required under applicable law.

C. Third Parties. We may also receive your Personal Data from third parties, including, but not limited to,

  • Social media, if you interact with us via social media platforms such as Facebook, Instagram, X, TikTok, LinkedIn, Yelp, Google, or similar social media networks;
  • Booking agencies and services, if you make personal or corporate reservations for any of our Services through authorized third party providers such as Google, Expedia, Booking.com, OpenTable, etc.; or
  • Other marketing and internet analytics providers.

D. Security Systems & Processes. We may collect Personal Data through various information technology ("IT") and security systems in order to ensure the safety and security of you, our staff, other guests, and other parties through various sources which include, but are not limited to:

  • CCTV or other similar security systems in public areas of our facilities;
  • Guest verification and access systems, which may include identification checks for age-restricted Services, government mandated recordation, door and facility access information, and similar information; or
  • Incident reports, whether in the case of incident, emergency, accidents, or law enforcement.

6. How And Why We Use Your Personal Information

We may use your Personal Data in a variety of ways but only for proper purposes in pursuit of our legitimate business interests and purposes, which includes, but is not limited to:

  • Responding to and fulfilling your requests for Services or other requests;
  • Improving our Services and related processes;
  • Complying with legal and regulatory obligations we are subject to;
  • Ensuring your safety and security while using or accessing our Services;
  • Sending you marketing communications, including offers for Services, newsletters, and other commercial messages for which you have provided consent, where required;
  • Informing you about changes to our Services, including our website, mobile applications, or other digital means, our Terms of Use Policy, other Company policies, this Privacy Policy; or
  • In other ways in which you have provided consent for us to do so, or for where your consent is expressly required, such as in the processing of special categories of data of EEA Data Subjects pursuant to the GDPR.

7. Who We Share Your Personal Information With

We do not sell, trade, or rent your Personal Data to third-parties. We may share your Personal Data with a variety of parties and Service Partners (as defined below), including, but not limited to: 

  • Our affiliates and family of companies, including, but not limited to Charlie Palmer Collective;
  • Third party business partners, which may include hotel consortiums or parties we engage with in connection with corporate transactions involving the Company;
  • Law enforcement and regulatory agencies, in order to comply with laws, regulations, court orders, and other lawful instruction;
  • Our bank, insurers, brokers, and credit reporting agencies, as necessary; and
  • Other third parties that you specifically request or provide consent for.

Specifically, as of the date this Privacy Policy was last updated, we share Personal Data with our Service Partners in facilitation of our Services, which include, but may not be limited to:

  • MediaConcepts, in the development and operation of our website, mobile application, and booking engine;
  • Salesforce, for customer relationship management ("CRM") including, but not limited to managing guest relations, individual and corporate accounts, managing reservations, creating and enhancing marketing campaigns, etc.;
  • Maestro, as our property management system ("PMS"), which assists with front desk management, reservations for our Services and related services;
  • HAPI, for data management services and system interoperability functions;
  • SynXis Central Reservation System ("CRS") from Sabre Corporation, which helps manage pricing, inventory, and reservations for some or all of our Services;
  • Silverware, which is our point of sale system ("POS"), used across our Services;
  • Paylocity, which assists us in the recruiting of employees, payroll services, and similar functions;
  • Revinate, which assists with our reputation management; and
  • MezzoPay, which assists with payment processing involving our Services.
  • Preferred Hotels, an affiliate brand partner.

Please note that our Service Partners may have their own privacy policies that govern how they collect, use, and protect Personal Data. We encourage you to review the privacy policies for our identified Service Partners, as we are not in control or responsible for their data practices, security measures, or legal compliance.

8. How Long We Keep Your Data

We will keep your Personal Data while you maintain any form of account with us, while you request, access, or use our Services, and we shall keep your Personal Data thereafter to the extent we determine necessary to respond to any questions, complaints, claims made by you or on your behalf by an authorized representative, to provide you with information about our relationship and engagements, or as required to comply with applicable law and regulation by which were are bound. We will not retain your Personal Data for longer than a period we deem necessary to keep for the purposes that are set forth in this Privacy Policy. Once we determine that such Personal Data is no longer necessary to be kept by us, we will no longer share your Personal Data with Service Partners or other third parties and will delete your Personal Data.

9. California Consumers: Your Rights

We are subject to the CCPA when offering goods and/or services to California consumers and if we qualify as a business thereunder. Terms used in this section shall have the meaning as set forth under the CCPA unless so specifically stated. Pursuant to the CCPA, you have certain rights regarding your Personal Information, including, but not limited to:

A. Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected, used, disclosed, or shared about you over the past twelve (12) months. This includes details about the sources of the information, the purposes for collection, and the third parties with whom we have shared or disclosed the data. Though please note that we are not required retain personal information obtained in a one-time transaction for which personal information is not retained by us in our normal course of business, are not obligated to reidentify or otherwise link any data that is maintained in a manner that does not constitute personal information, and provide responsive information to you pursuant to this right more than twice in a twelve (12) month period;

B. Right to Delete. You may request that we delete personal information we have collected from you, subject to certain exceptions. We may deny deletion requests if the information is needed to complete a transaction, provide a requested service, comply with legal or regulatory obligations, ensure the security and integrity of the Services and your personal information, or for other permitted business purposes;

C. Right to Correct. You have the right to request that we correct any inaccurate personal information we may maintain about you. Thereafter, we shall use commercially reasonably efforts to confirm and correct the inaccurate information that we maintain about you;

D. Right to Opt-Out of the Sale or Sharing of your Personal Information. You have the right to request us to not to sell or share your personal information with third parties for cross-context behavioral advertising purposes;

E. Right to Limit the Use and Disclosure of Sensitive Personal Information. If we collect sensitive personal information, such as government-issued identifiers, financial account details, precise geolocation data, or health-related data, you have the right to restrict its use and disclosure to only what is necessary for us to provide you with the services you request from us;

F. Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights. This means we will not deny you services, charge different prices, or provide a lower quality of service due to your choices or excising of your rights regarding your personal information under the CCPA. However, we may offer financial incentives or charge different rates for the collection, sale, or retention of personal information, so long as we remain in compliance with the CCPA;

G. Right to Access Information About Automated Decision-Making. You have the right to request information about how we use automated decision-making technologies, including profiling, and to opt-out of such processing, in certain circumstances;

H. Right to Data Portability. Upon request, we will provide you with a copy of the personal information we have collected on you in a readily usable format so that you may transfer it to another entity;

I. Right to Designate an Authorized Agent. You may designate an authorized agent to submit requests on your behalf. We may require verification of both your identity and the agent’s authorization before processing such requests; and

J. Right to Appeal. If we deny a request of yours regarding your personal information, you have the right to appeal our decision.

10. EEA Data Subjects: Your Rights

We are subject to the GDPR whenever offering goods and/or services to data subjects in the European Economic Area ("EEA") as a controller of your personal information. Terms used in this section shall have the meaning as set forth under the GDPR unless so specifically stated. Pursuant to the GDPR, you have certain rights regarding your personal data, including, but not limited to:

A. Right to Access. You have the right to request confirmation of whether we process your personal data and, if so, to access a copy of the personal data we hold about you, along with details on how we use it;

B. Right to Rectification. If any of the personal data we maintain about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay;

C. Right to Erasure (“Right to be Forgotten”). In certain circumstances, you may request that we delete your personal data. This right applies when:

  • Your data is no longer necessary for the purpose for which it was collected;
  • You withdraw consent where processing was based on consent;
  • You object to the processing, and we have no overriding, legitimate grounds;
  • Your data was unlawfully processed; or
  • When deletion is required by law.

However, we may retain certain personal data if required by law or for legitimate business purposes;

D. Right to Restriction of Processing. You have the right to request that we temporarily stop processing your personal data in the following cases:

  • If you object to or contest the accuracy of your personal data, while we verify its accuracy;
  • If processing of your personal data is unlawful, but you request restriction instead of deletion;
  • If we no longer need your personal data, but you require it for legal claims; or
  • If you have objected to processing of your personal data and we are verifying whether we have overriding legitimate grounds;

E. Right to Object to Processing. You have the right to object to the processing of your personal data when processing is based on legitimate interests or direct marketing purposes. We will stop processing your data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms;

F. Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data to another data controller, where technically feasible. This applies only when processing is based on consent or contract and is carried out by automated means;

G. Right to Withdraw Consent. If we process your personal data when processing is based on your consent, you have the right to withdraw such consent at any time. Withdrawal does not affect the lawfulness of prior processing based on consent prior to your withdrawal;

H. Right to Not Be Subject to Automated Decision-Making. You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. Exceptions apply if the decision:

  • Is necessary for entering into or performing a contract;
  • Is authorized by applicable law or regulation; or
  • Is based on your explicit consent.

In such cases, you have the right to request human intervention and challenge the decision; and

I. Right to Lodge a Complaint with a Supervisory Authority. If you believe that we have unlawfully processed your personal data or violated your rights under the GDPR, you have the right to file a complaint with a Data Protection Authority ("DPA") in your country of residence, place of work, or where the alleged infringement occurred.

J. Other Important Provisions. Further, any personal data that constitutes special categories of personal data will only be processed following your express consent. Your personal data may be held at our offices in the United States, with our affiliates, with our Service Partners, and their agents and related parties, which may be held outside of the EEA. To deliver the Services to you, it may be necessary for us to share your personal data outside of the EEA. In any transfer of your personal data, we will comply with the GDPR and other applicable law in the transfer thereof.

11. Personal Data of Children

In compliance with the CCPA, GDPR, the Children's Online Privacy Protection Act (the "COPPA"), the California Online Privacy Protection Act (the "CalOPPA"), and other applicable law, we do not knowingly collect, maintain, or use Personal Data from children under the age of sixteen (16). Additionally, no portion of our website, mobile application, or other digital offerings directly solicit children under the age of thirteen (13). If we discover that any such child has provided Personal Data via the Services, we will promptly delete such Personal Data. Children under the age of eighteen (18) who have publicly posted content on our website, mobile applications, or other digital means may request its removal and we shall make commercially reasonable efforts to cause its removal thereafter.

12. How to Exercise Your Rights

To exercise any of your rights relating to your Personal Data, please send an e-mail to info@appellationhotels.com and please include a sufficient amount of information for us to identify whom we maintain Personal Data for, that you are the subject making the request or an authorized representative therefore, and to understand the request or dispute. We are not obligated to comply with your request or dispute if we cannot verify that the person making the request is the subject about whom we collected Personal Data or is someone authorized to act on such subject's behalf. Any Personal Data we collect from you to verify your identity in connection with your request will be used solely for the purposes of such verification.

You may also file a complaint directly with a DPO pursuant to your rights under the GDPR, if applicable.

13. How We Keep Your Personal Information Secure

We have and maintain reasonable and appropriate security measures to prevent Personal Data from being accidentally lost, used, or accessed in any unauthorized manner. We limit access to your Personal Data to those who have a genuine and legitimate business reason to access it. Those processing your Personal Data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach when and where we are legally required to do so.

14. Policy Changes

We reserve the right to and shall periodically, no less frequently than every twelve (12) months, review, revise, and update the terms and provisions of this Privacy Policy in our sole discretion. Any such additions, reductions, amendments, etc. will be effective, with our without prior notice, as of the date the revised Privacy Policy is posted to our website. When any amendments materially changes your rights hereunder, we will also notify you via the Personal Data we maintain for you.

15. Contact Us

If you have any comments, questions, or concerns regarding Privacy Policy or simply would like more information, please contact us by sending an e-mail to info@appellationhotels.com calling us 707-473-8213, or sending mail to 165 Foss Creek Circle, Healdsburg CA 95448.