This policy describes the types of information that WorkLLama LLC (“WorkLLama”), on behalf of Marriott International, Inc. (“Data Owner”, WorkLLama and Data Owner are sometimes referred to individually or collectively, as the context indicates, as “we”, “our” or “us”), may collect from you or that you may provide when you purchase, download, install, register with, access, or use the Marriott International, Inc. powered by WorkLLama™ mobile application, www.marriott.workllama.com, or any other Marriott International, Inc. website operated by WorkLLama (collectively, the “App”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. Information collected or provided will be owned by the Data Owner.
This policy is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this policy. This policy applies to information collected through the App and from electronic messages between you and the App, including, without limitation, information that identifies, relates to, describes, and references are reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
In this policy, “GDPR Locations” refers to countries in the European Union, European Economic Area, and Switzerland. Users in GDPR Locations may have additional or different rights under the European Union General Data Protection Regulation (“GDPR”). We will point out in this policy that rights are different for users in Designated Countries because of GDPR. For purposes of GDPR, Data Owner is the data controller and WorkLLama is the data processor.
This policy does not apply to information collected by: (i) us offline or through any other means, including through any other application operated by WorkLLama, Data Owner, or any third party; or (ii) any third party (including our affiliates), including through any application or content that may link to or be accessible from the App.
Please read this policy carefully to understand our policies and practices regarding your information. By downloading, registering with, accessing or using the App, or by clicking to accept or agree to the Terms of Service when this option is made available to you, you agree to this policy. If you do not agree with our policies and practices, do not download, register with, or use this App.
By using the App:
Where required by applicable law, we may ask for your specific consent regarding the collection, processing, or transfer of certain personal data and personal information. You have the right to revoke at any time any consent you previously provided to us by contacting us. Revoking consent may impact or limit your ability to use certain functionalities of the App.
The following categories contain the type of personal information or other information we may have collected within the last twelve (12) months and may collect in the future from you or other users:
We obtain the categories of personal information or other information listed above from the following categories of sources:
“Unique Identifiers” may also be used to enable your use of the App. Unique Identifiers are small files used by our App that are stored on your device when the App is first installed for the purposes of identifying your device for consistent usage across sessions in the App. Unique Identifiers are installation-specific: if the App is uninstalled and then reinstalled, the old Unique Identifier is deleted and a new Unique Identifier is installed. These Unique Identifiers do not contain any personal information or other sensitive information. We use Unique Identifiers to track and enhance your usage of the App.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
The following is a summary of the purposes and legal basis for which we may use, process or disclose information that we collect about you or that you provide to us, including any personal information, in accordance with applicable law (e.g. CCPA or GDPR):
We will not collect additional categories of personal information or other information or use the personal information or other information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Personal information or personal data collected from users located in GDPR locations will be stored and processed in the USA by suppliers where adequate safeguards are in place to protect your data. Your personal information or personal data will be stored and processed as long as we deem necessary in relation to the purposes described above, unless you otherwise object. You may contact us to obtain documentation regarding the storage and safeguards using the contact details provided in this policy.
Where you register to receive certain of the service, including job referrals or job applications, we may carry out certain real-time automated assessments to determine eligibility to receive the service or your candidacy. An automated assessment is an assessment carried out automatically using a computer system or other technological means without human involvement. This assessment may review and analyze your personal information or personal data and include several checks, e.g., validation of your identification, validation of your right to work, skills checks, and other information verifications. Where a decision is made based solely on automation, you will be informed and have the right to challenge the automated decision by contacting us.
We may disclose or share de-identified or aggregated information about our users without restriction and such information does not constitute personal information or personal data.
Additionally, we may disclose or share your personal information to a third party for a business purpose in compliance with applicable law, such as providing services related to the App. We may disclose or share your personal information to certain third parties without further notice, unless required by applicable law, as follows:
Occasionally, at our discretion, we may include or offer third party products or services on our App. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Depending on where you live (e.g. if you are a resident of California or a GDPR Location), you may have certain rights relating to your personal information or personal data. These rights are not always absolute; the right may be subject to certain exemptions or conditions and may depend on the processing activities we exercise regarding your personal information or personal data. This section describes some of the common rights that may apply to you (subject to the applicable law) and explains how to exercise those rights.
Under certain circumstances, you have the right to request that we disclose or provide you access to one (1) copy of certain information to you about our maintenance, collection, and processing/use of your personal information and personal data. If you have an account profile, you can access some of this information by logging in to your account.
You may have the right to correct your personal information or personal data is contains errors or is out of date. You may change some personal information or personal data that you have submitted to us through the App by logging into your account and updating your account profile in the App.
You may have right to request that your personal information or personal data is provided to your or transmitted to another data controller. When this right applies, your personal information or personal data will be provided in a structured, commonly used and machine-readable format.
You may have the right to request that we delete any of your personal information or personal data that we collected from you and retained, subject to certain exceptions.
Under certain circumstances, you may have the right to request that we limit or completely stop processing your personal information or personal data.
You have the right to object to the processing of your personal information or personal data where the processing is based on our legitimate interests. When these objections are made, we have the opportunity to demonstrate that we have a compelling interest to continue the processing that overrides your interests or to pursue a legal claim.
Additionally, you have the object to processing for direct marketing, which includes profiling for direct marketing. You will be provided with the opportunity to opt out of any direct marketing efforts in your account profile and through the methods in which such marketing is sent to you.
You have the right to object to decisions that are based only on the automated processing of your personal information or personal data. These objections will be considered where you have not explicitly consented to the automated processing, the automated processing is not necessary for a contract or agreement between you and us, or automated processing is not otherwise permitted by applicable law.
To exercise the rights described above, please submit a verifiable request to WorkLLama (as set forth in the Contact Information section below) or the Data Owner by either:
Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal information or personal data.
California residents may only make a verifiable request for access or data portability twice within a 12-month period.
A verifiable request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your rights. Unless permitted by applicable law, we will not:
However, exercising certain of your rights may inhibit your ability to effectively and fully use the App due to the nature of the services offered through the App. Additionally, we may offer you certain financial incentives permitted by applicable law that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Data Owner at firstname.lastname@example.org.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we use commercially reasonable efforts to protect your personal information in accordance with this policy and applicable law (including CCPA and GDPR), we cannot guarantee the security of your personal information transmitted to the App. Any transmission of personal information is at your own risk. We are not responsible for any party’s circumvention of any privacy settings or security measures contained in the App. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our App, you are responsible for keeping this password confidential. You should not share your password with anyone.
The App is not intended for children under 16 years of age. No one under age 16 may provide any information through the App. If you are under 16, do not use or provide any information through the App or on or through any of its features. We do not knowingly collect personal information from children under 16; however, if we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. Please contact us if you believe we might have personal information about a child under age 16.
In our effort to comply with the Fair Information Practices, should a data breach occur of which we are aware, we will attempt to notify affected users by email within ten (10) business days of becoming aware of such data breach, or as soon as possible thereafter.
We may change this policy from time to time and will post those changes in the App. If we make material changes to how we treat our users’ personal information or personal data, we will notify you by email or by conspicuous notice within the App. Your continued use of the App after we notify or post changes to the policy is deemed to be agreement to and acceptance of those revised policy, so be sure to check this policy periodically for updates. The date the policy was last revised is identified at the top of the page.
Except as otherwise set forth above, to make any request permitted by this policy, ask questions, or comment about this policy, contact WorkLLama by mail at 3655 North Point Pkwy Suite 450, Alpharetta, GA 30005, by email at email@example.com, or by phone at (404) 937-1971.
Users located in GDPR Locations may contact their local supervisory authority (EU Data Protection Authorities(https://ec.europa.eu/newsroom/article29/items/612080) If you feel you have not received an adequate or timely response from us, or would like to file a complaint.