Terms & Conditions

Retro Hospitality (together with its affiliates, “we,” “our,” or “us”) is the largest operator of boutique hotels in Virginia.

We are committed to protecting your privacy, and this Privacy Policy (“Policy”) will help you understand how we collect and process personal information from those who use of any our websites, mobile apps or related online and offline services that reference these Terms (collectively, the “Services”). This policy also describes what we will and will not do with the information we collect, and your choices about the collection and use of your information. If you have a business relationship with us, the contractual terms of that relationship will control in the event of any conflict. Some of the hotels we operate will reference a particular hotel brand’s terms and privacy policy (collectively, “Brand Terms”) instead of this Policy, and in that event, those Brand Terms will apply.

Please read this Policy and our Terms of Use (together with this Policy, the “Terms”) before you use our services. By using the Services, you represent and warrant that you are of legal age to form a binding contract with us, and agree to be bound and abide by our Terms. If you do not agree to all of our Terms, or if you violate them in any way, you may not access or use the Services. PLEASE SEE SECTIONS 11-13 OF OUR TERMS REGARDING YOUR LEGAL RIGHTS IN ANY DISPUTE INVOLVING OUR SERVICES, INCLUDING MANDATORY ARBITRATION, A WAIVER TO A JURY TRIAL OR CLASS ACTION.

1. How We Collect Personal Information We may collect information about you by various means, including:

· Directly from you, both online (e.g., our websites, email) and offline (e.g., phone, when visiting or staying at one of our hotel properties);

· From other third-party sources and social media platforms that you may use to engage with us;

· From a spa, restaurant, health club, concierge or other outlet at our properties, and from the hotel brands, reservation platforms, travel agencies and booking partners, or other third parties we work with; and

· By combining information from different sources, including online and offline data.

2. Types of Personal Information We Collect In order to better provide you with our Services, we may collect the following categories of personal information:

· Contact information you (or your representative) may affirmatively provide to us, such as your name, mailing address, e-mail address, phone number and account profile preferences;

· Reservation information you (or your representative) may provide, including loyalty program and other travel program information or promotional details, travel itinerary, travel preferences (e.g., room preferences), guests (including family members or companions, and their names and ages), title, employer and other employer details (for business travel), gender, date of birth, language preference, nationality, passport/visa or other government-issued identification;

· Transaction information such as payment information and transaction history if you make reservations or conduct other transactions with us (payment details like credit card information is used solely to process transactions);

· Stay information such as records of any stay at our properties, audio/video/image data recorded by CCTVs and other security equipment, details concerning any incidents or complaints;

· Survey information in response to forms we posted on our Services or sent to you, including for feedback and research purposes;

· Communications between you and us, such as via email, web form, mail, phone, or other channels; and

· Online User Activity described in the next section.

If you provide us with information regarding another individual (such as a family member or co-worker), you represent that you have their consent to give us their information and to permit us to use the information in accordance with this Policy. If the information relates to a child, you represent that you either are their parent/guardian or have any necessary consent from their parent/guardian to provide the information to us for use in accordance with this Policy.

3. Online User Activity, Cookies, and Information Collected by Other Automated Means

Our Services may use “cookies” and other technologies. These technologies can help us better understand user behavior to improve the website and create a better user experience for you. These technologies tell us which part of the website people have visited, and what Services are popular. We can also use such information to deliver customized content and advertising to users of the Services whose behavior indicates that they are interested in a particular subject area, and measure the effectiveness of advertisements and web searches. Cookies are a commonly used web technology that allow websites to store and retrieve certain information on a user's system, and track users' online activities. We, together with vendors we use, may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels, SDKs and other similar technologies (collectively, "Online User Activity").

When you use the Services, the information we may collect by automated means includes, for example:

· Usage Details about your interaction with our Services (such as the date, time, and length of visits, and specific pages or content accessed during the visits, search terms, frequency of the visits,referring website addresses);

· Device Information of a device that you use to connect with our Services (such as device type and unique device identifier, operating system, browser type, and mobile network information); and

· Location information where you choose to provide the website with access to information about your device’s location.

We may provide certain personal information to third parties we engage with for targeted advertising, customer analytics, and to provide a more personalized experience and special offers to You. Specifically, identifying information and Online User Activity may be shared through targeting cookies or other means. Please visit Your Privacy Choices page for more information about such sharing and to opt-out of such activities. You can opt back in to targeting cookies there as well, and opt back in to data extracts by contacting us as directed below. Our Services also endeavor to process “Global Privacy Control” (GPC) signals from web browsers by automatically opting-out website visitors from third party targeting cookies on the visited website, although GPC technology is not fully developed and it is not yet supported by all browsers. In addition, if you prefer not to have information collected through the use of cookies, most browsers allow you to reject cookies. If you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide.

4. How We Use Personal Information We Collect

We use personal information we collect for purposes allowed by applicable laws, including:

· Provide our Services to you, including reservations, guest accommodations at our properties, and all activities associated with guest stays and our hotel properties, respond to your inquiries and other communications;

· Operate, evaluate, and improve our Services, including reservation and guest accommodation systems, loyalty or guest programs we offer, and other aspects of our Services;

· Tailor the content that we display to you in our Services and communications, including advertising, and offer opportunities and information that we believe may be of interest to you;

· For our business purposes, such as data analysis, audits, developing new products and features, enhancing our website, improving our products and services, identifying usage trends, and determining the effectiveness of our promotional campaigns;

· Provide you with administrative notices, such as to inform you about changes to this Policy and our Terms;

· Comply with and enforce as needed applicable legal requirements, industry standards, our policies, and our contractual rights; and

· For any other purpose specified at the point of collection or as described in your express authorization.

We may use and disclose non-personal, non-individual statistics or demographic information in aggregate form without restriction.

5. How We Share Personal Information

We will not disclose your personal information to third parties without your consent, except in the following circumstances:

· We may share your information as permitted by law, including, for example, with legal affiliates and service providers that we believe need the information to perform

a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services, marketing partners, and other service providers). We provide such vendors with information so that they can perform their required functions on our behalf, in accordance with this Policy and applicable law;

· We may share your relevant information as necessary with hotel property owners and management companies, and other businesses involved in the ownership or operation of a property that you stay at, subject to contractual obligations and protections, in connection with the purposes described in this Policy;

· We may share your relevant information with your designated travel agency, booking partner or employer (for your business travel they oversee), loyalty program or travel benefits partner, as needed to facilitate your stay and/or at your directions, in connection with the purposes described in this Policy;

· We may disclose information about you: (i) if we are required to do so by law or legal process; (ii) when we believe disclosure is necessary to prevent harm or financial loss; (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; or (iv) under exigent circumstances to protect the personal safety of our staff, users, or the public; and

· We reserve the right to transfer the information that we maintain in the event of a contemplated or actual sale or transfer of all or a relevant portion of our business or assets. If such an event occurs, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy.

6. Your Rights and Choices

We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.

· Marketing Emails: From time to time, we may contact you via email or through other channels for the purpose of providing announcements, promotional information and/or other general communication. In order to improve our Services, we may be notified when you open an email from us or click on a link therein. You may choose not to receive marketing emails from us by clicking on the unsubscribe link in the marketing emails you receive from us. Even if you opt out of receiving such communications, we may continue sending you non-marketing email communications, such as administrative or transaction alerts, or information about changes to our terms of service.

· Cookies: As noted above, our Services allows users to opt-out of certain third party cookies. In addition, web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our Services may not function correctly.

· Targeted Advertising: As noted above, we may work with advertising partners who collect information about your online activities and provide you with choices regarding the use of your browsing behavior for purposes of targeted advertising.

Popular advertising services you may opt out of include Google, the Network Advertising Initiative and Digital Advertising Alliance.

7. State-Specific Notices

7.1. Residents of California or Virginia (and Colorado or Connecticut after July 1, 2023)

In addition to the other disclosures in this Policy, if you are a California or Virginia resident (or, as of July 1, 2023, a Colorado or Connecticut resident), you can exercise certain additional rights regarding your personal information:

· You may request a copy of the following: (1) the categories of personal information we collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling (if applicable) the personal information; (4) the categories of third parties with whom we shared personal information, and the categories of personal information shared; and (5) the specific pieces of your personal information that we have collected, used, disclosed, or sold.

· You may request that we (and our service providers) correct your personal information if it is inaccurate or delete your personal information. Note that deletion requests are subject to certain limitations, for example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate customer requests, and for certain other internal business purposes described in this Policy.

Please contact us as provided below to exercise any of these requests. You may authorize another person (your "agent") to submit a request on your behalf the same way. Shortly after you (or your agent) submit a request, we will check our records for matching information and contact you (via email at the email address provided during submission of your request) with instructions on how to verify the request before we fulfill it. We will aim to complete your requests as soon as reasonably practicable and consistent with any applicable laws.

You also have the right at any time to opt out of (i) sharing of your personal information to third parties, and (ii) targeted advertising through third parties. We do not transfer your personal information to third parties in exchange for money but information may be shared with certain third party advertising partners for our targeted advertising purposes through targeting cookies on our Services. Please visit "Your Privacy Choices" to opt-out of third party targeting cookies. As noted above, we also endeavor to process GPC signals from web browsers by automatically opting-out such visitors from third party targeting cookies.

Privacy laws may provide you with other opt-out rights which are inapplicable to us. In particular, we do not engage in impactful profiling activities with respect to customers, and we do not collect, use or disclose sensitive personal information (such as government identification number, precise geolocation, financial account credentials, etc.) except for the specific purpose(s) that you provide it.

We may not, and will not, discriminate against any individual for exercising their privacy rights, including those provided by the applicable privacy laws. Please note that we may otherwise continue to share your personal information with our affiliates and service providers, and as otherwise directed by you, for the purposes described in this Policy.

If we deny a privacy request, you may appeal the decision to us at the contact information provided below. To the extent possible, please describe the basis for your appeal and if there is any specific personal information that concern you.

7.2. Residents of California Only

This Section is provided specifically for California residents.

· Categories of information. In at least the past 12 months, we have collected the categories of personal information described above in this Policy, including: identifiers (such as name, email address, IP address); commercial information (such as guest transactions); internet activity (such as pages visited, product searches); geolocation data (if your browser shares such information); and sensitive personal information (such as account credentials).

· Financial Incentives. We may offer discounts or other benefits to customers enrolled in certain subscription or loyalty programs: Individuals can opt-in to such programs where offered-please refer to such offers for details about each programs benefits, terms and conditions, and please note that they are subject to change from time to time. Customers can always opt-out of these programs. We do not generally assign monetary value to customers' personal information, and promotions activity associated with any subscription or loyalty programs change continually. To the extent California law requires that a value be assigned to such programs, or to the price or service differences they involve, we value the information collected and used under each program as being equal to the value of the discounts or other financial incentives provided in each such program, based upon a practical and good-faith effort to assess, on an aggregate basis for all collected information: (i) the type of information collected in each program (e.g., email address), (ii) the use of such information by us in connection with its marketing activities, (iii) the range of discounts provided (which can depend on each customer's use of such offers), (iv) the number of total individuals enrolled in the programs, and (v) the products for which the benefits (such as a discount) can apply. These variable factors continue to change over time. This description is without waiver of any proprietary or business confidential information, including trade secrets, and it does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

· Privacy rights requests for non-customers. California privacy rights apply to all individuals (not just customers of our Services), including job applicants, current and former employees, contractors and business partners. Job applicants may provide contact information and resume-related information (e.g., past education and experience) as well as complete relevant background checks. Employees receive internal privacy disclosure relevant to them. Contractors and business partners provide business contact information and payment-related information as

necessary to facilitate a prospective or actual business relation. Due to the nature of these relationships, the precise collection and use of personal information can vary. All such individuals who are California residents can request additional information about our privacy practices with respect to their information, as well as make the access, deletion, correction and opt-out requests described above, by contacting us as directed below. Please provide sufficient information that we can identify you, and be aware that we may employ a more extensive authentication process to verify your identity before responding to your request.

· Do Not Track. Do Not Track (DNT) is a privacy preference you can set in most browsers but there is no standard interpretation or practice for responding to DNT signals (see https://allaboutdnt.com/ for more information), and we therefore handle all user information consistent with this Notice. We do endeavor to support browser GPC signals as discussed above.

· Direct Marketing. We do not share personal information such as your contact information with third parties for their own direct marketing purposes.

7.3. Nevada residents We do not sell personal information as defined by Nevada law (Nevada Revised Statutes, Chapter 603A, Section 1.6). You can submit a request to us regarding the sale of such information via the contact information below (Section X).

8. International Notices Our Services are controlled and operated by us from the United States and are not generally intended to subject us to the laws or jurisdiction of any state, country, or territory other than those of the United States. Any information that you provide through use of the Services may be stored and processed, transferred between, and accessed from, the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, to the extent we are subject to the privacy laws of a jurisdiction outside the United States, personal information will be handled in accordance with such jurisdiction's privacy laws, as applicable.

This section is therefore intended specifically for individuals residing outside of the United States ("US"). This includes residents of the European Economic Area ("EEA") including the European Union ("EU"), the United Kingdom ("UK"), Switzerland and other relevant jurisdictions with respect to privacy and data protection laws to the extent they are applicable to us.

· Legitimate Bases for Processing: Where required by law, all processing of personal information is justified by a legally-recognized basis for processing. In the majority of cases, processing will be justified on one or more of the following bases for processing: (i) The processing is necessary to perform a contract with you (such as if you make a hotel reservation or subscribe to our email marketing); (ii) The processing is necessary for us to comply with a relevant legal obligation, such as keeping accounting records; (iii) The processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Our legitimate interests

are to use guest data and other information we collect to reasonably and responsibly conduct and develop our business activities without abusing any privacy interests or rights of such individuals; and (iv) In some instances, we rely on your consent to our processing (at times as a secondary basis for processing in an abundance of caution).

· Transfer of Personal Information: If you are in the EEA/EU, the UK, Switzerland or another jurisdiction that has imposed similar legal requirements regarding the lawful transfer of personal information from that jurisdiction to another country (e.g., the US), to the extent that we engage in such a transfer of your personal information (a "Cross-Border Transfer") we will take steps to ensure that such Cross-Border Transfer satisfies known legal requirements. In particular, if we transfer personal information across jurisdictions we will rely on available adequacy decisions, derogations and/or data transfer agreements with standard contractual clauses approved by relevant regulatory authorities to facilitate any transfers with applicable business partners, affiliates and service providers. Some of our hotels have distinct owners or operators, and they may receive data from us as an independent data controller for the purposes described here.

· Exercising You Privacy Rights: Residents of certain jurisdictions are entitled to exercise certain rights under privacy laws applicable to their personal information. The rights described below are, for example, applicable to residents of the EEA/EU, Switzerland and UK. This includes the right to (a) request access to your personal information; (b) request that we correct inaccurate personal information we hold about you; (c) request that we delete any personal information we hold about you; (d) restrict or object (i.e., withdraw consent) to the processing of personal information we hold about you in some circumstances; and/or (e) receive any personal information we hold about you in a structured and commonly used format. You also have the right to lodge a complaint with your supervisory authority if the processing of your personal information infringes applicable law. Please contact us as provided below if you wish to exercise any of your rights, or if you have any inquiries or complaints regarding the processing of your personal information.

9. Online Advertising You may see us promoted by other organizations, on various websites, web pages, social media and other platforms. Please note that we do not always have complete information about where our organization may be displayed or promoted, and if you believe that we are featured in venues that are inappropriate or offensive, please contact us as directed below.

10. Links to Other Websites and Third Party Content Our Services may contain links to other websites or apps. This can include social media integrations. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.

11. Security and Data Retention We maintain reasonable security safeguards designed to protect information about our website visitors in our possession and control, and to protect such information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, we cannot ensure the security of any information that you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via email or conspicuous posting on the Services, you agree to accept notice in that form. We apply a general rule of keeping personal information only for as long as required to fulfill the purposes for which it was collected including (i} to provide you with our Services, such as to maintain account profiles while active and after termination for the purposes described above, and (ii} as reasonably as necessary for legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

12. Information Related to Minors Our website and other online Services are not intended for minors under 13, and we do not knowingly collect personal information online from minors under 13. We will endeavor to promptly delete any information identified as having been provided by such persons as required by applicable law.

13. Changes to Our Notice We may change this Policy from time to time. When we do, we will let you know by posting the changed Policy on this page with a new "last updated" date. In some cases, we may also tell you about changes by additional means, such as by posting a notice through the Services or sending an e-mail to you. Changes will become effective when posted. We encourage you to periodically check our Privacy Policy to see if there have been any changes of interest to you. Your continued use of the Services after an update to our Privacy Policy constitutes agreement to the policy as revised.

14. Contact Us If you have any questions, concerns or comments about this Privacy Policy, our privacy practices, or if you have any requests in regard to your personal information, please contact us via mail to: Retro Hospitality by email to Info@RetroHospitality.com

This Policy was last updated October 10, 2024.