Level Hotels & Furnished Suites - Website Global Privacy Notice

Introduction

Level Hotels & Furnished Suites is committed to being transparent about how we collect, use, disclose, and protect personal data. This Privacy Notice describes our privacy practices and provides information to help you understand how your personal data is handled and the choices available to you.

Who Does This Notice Apply To?

This Privacy Notice applies to personal data collected by Level if you:

visit our websites, including stayinglevel.com;
submit an inquiry, such as an extended stay or event request;
make or manage a reservation using our booking engine(s);
sign up for marketing or promotional communications; or
use (or plan to use) chat, messaging, or similar communication tools.

This Privacy Notice should be read together with our Supplemental U.S. Privacy Notice. Where there is a conflict between this Privacy Notice and the Supplemental U.S. Privacy Notice, the Supplemental U.S. Privacy Notice applies to U.S. residents.

What is Personal Data?

Personal data refers to any information that relates to an identified or identifiable individual. This may include, for example, a name, email address, mailing address, phone number, online identifiers (such as an IP address or cookie identifiers), or other information that can reasonably be linked to an individual.

Privacy regulations we need to comply with

Level operates in Canada and the United States and may interact with customers and website visitors in other jurisdictions. As a result, we may be required to comply with different privacy and data protection laws depending on where you are located and how you interact with us. These laws may include, for example:

the General Data Protection Regulation (“GDPR”) in the European Union, where applicable;
the UK General Data Protection Regulation (“U.K GDPR”) and Data Protection Act (“DPA”) in the United Kingdom, where applicable;
U.S. privacy laws, including the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”); and
the Personal Information Protection and Electronic Documents Act (“PIPEDA”), BC Personal Information Protection Act (“BC PIPA”), and other substantially similar provincial privacy laws in Canada.

Level respects your privacy rights and is committed to protecting your personal data in accordance with the requirements and expectations of the laws that apply based on your location.

Our responsibility to your personal data

Some privacy and data protection laws distinguish organizations based on the role they play in processing personal data. For the purposes described in this Privacy Notice, Level acts as a data controller, meaning that we determine the purposes and means of collecting and processing your personal data. We are responsible for how your personal data is collected, used, disclosed, stored, and protected.

In certain circumstances, we engage third-party service providers (such as booking platforms, recruitment systems, analytics providers, and advertising partners) to process personal data on our behalf. These providers are permitted to access and process personal data only as necessary to provide services to us and in accordance with applicable contractual and legal obligations.

In some cases, third-party platforms may process certain personal data for their own independent purposes, such as operating and securing their platforms or improving their services. Where this occurs, the processing of personal data by those third parties is governed by their own privacy notices and practices.

How We Collect and Process Your Personal Data

Level collects personal data from multiple sources, depending on how you interact with us, including:

Directly from you;
Indirectly from third parties; and
Automatically through your activity on our websites and digital services

a) Personal Data We Collect Directly

We collect and process the following personal data directly from you when you interact with Level through our websites or services. Below we describe what we collect and why.

Extended Stay Inquiries
If you submit an extended stay inquiry through our website, we collect your first name, last name, phone number, email address, location, how you heard about us, and your consent selection(s) (for example, a marketing consent checkbox where applicable).We use this personal data to acknowledge and respond to your inquiry, provide information about extended stay options, and route your request to the appropriate teams and systems for follow-up. Where permitted, we may also use this information to send you marketing communications.
Event Forms
If you submit an event inquiry through our website, we collect your first name, last name, email address, phone number, event name, event date, date flexibility, event type, guest room needs, number of attendees, and any additional information you choose to provide.We use this personal data to respond to your request, assess event requirements, and communicate with you regarding event availability and services.
Booking Engine (“Book Now”)
If you make a reservation using our booking engine, we collect your first name, last name, phone number, email address, country, address, city, ZIP/postal code, and payment information (such as card number, expiration date, CVV, and name on card), as well as booking and reservation details.We use this personal data to create and manage your reservation, process payments, send confirmations and booking-related communications, provide guest services, and help prevent fraud and misuse.When you make a booking, you may be redirected to or interact with a third-party booking provider. In those cases, the third party’s privacy notice will also apply to your personal data.
Communication Sign-Up
If you sign up to receive email communications from Level, we collect your first name, last name, email address, and, if you choose to provide them, phone number, city, and state/province.We use this personal data to send you marketing communications and updates about Level and our services. You may unsubscribe at any time.
Careers/Job Applications
If you apply for a job through our website, we collect your first name, last name, email address, and information related to your application such as your resume/CV, employment history, location, and application responses.We use this personal data to evaluate your qualifications, communicate with you about your application, and manage the recruitment process.Job applications may be processed through a third-party recruitment platform which may process your personal data in accordance with its own privacy notice.
Chatbot/Live Chat
If you use a chatbot or live chat feature on our website, we may collect your name, email address, phone number, booking-related information (such as confirmation number, arrival date, and departure date), and the chat transcript.We use this personal data to provide support, respond to inquiries, and assist with booking-related questions. Please note that any free-text fields may capture additional personal data depending on the information you choose to provide.
Restaurant Booking
If you make a dining reservation through a restaurant booking feature on our website, we may collect your name, email address, phone number, reservation date and time, party size, and additional notes.We use this personal data to manage your reservation, communicate with you regarding changes, and provide dining services.

b) Personal Data We Collect Indirectly from Third Parties

The following describes the personal data we collect from third-party sources, where permitted by law.

Third-Party Websites and Platforms
When you book Level through third-party websites, follow our social media accounts, or use third-party tools integrated into our website, those third parties may share personal data with us in accordance with their privacy practices.These third-party platforms control how they collect and share personal data. We encourage you to review their privacy notices for more information.We use personal data collected indirectly to manage our services, improve our offerings, and send marketing communications that may be of interest to you, subject to applicable law and your preferences.

c) Personal Data We Collect Automatically

When you visit or interact with our websites, we automatically collect certain information about your device and activity, including IP address, approximate location, browser and device information, pages visited, and interactions with website content.

We use cookies, pixels, beacons, and similar technologies to understand how visitors navigate our websites, measure performance, and improve user experience. Where permitted, we also use these technologies to support marketing and advertising activities.

You can manage your cookie preferences through our cookie consent tool and browser settings. For more information, please refer to our Cookie Notice, available at [insert link to Cookie Notice].

d) Personal Data We Collect When You Visit Our Properties

We may collect personal data when you visit our properties for safety and security purposes, including images captured by video surveillance cameras where cameras are installed.

We use this personal data to help protect the safety of guests, visitors, tenants, and staff, and to investigate incidents where appropriate.

Our legal basis for processing your personal data

Under the GDPR in the EU and the UK GDPR and DPA, Level must identify a lawful basis for processing personal data.

Level will not collect, use, disclose, or otherwise process your personal data unless we have a valid legal basis to do so. Depending on the circumstances, we will process your personal data only where:

You have provided your consent to the processing of your personal data (for example, for certain marketing communications or non-essential cookies, where required).
The processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract (for example, to manage a booking, reservation, or extended stay inquiry).
The processing is necessary to comply with a legal or regulatory obligation to which Level is subject.
The processing is necessary for our legitimate interests, provided that those interests do not override your rights and freedoms (for example, to operate, secure, and improve our websites and services, or to prevent fraud and misuse).
The processing is necessary to protect your vital interests or those of another individual (for example, in the event of an emergency).

Where required by law, we will inform you of the specific legal basis relied upon at the time your personal data is collected.

Who Has Access to Your Personal Data?

Level will only disclose personal data under specific circumstances and to the following categories of recipients:

Level personnel, where access is required to fulfill your request or provide services;
vendors, consultants, and other service providers who require access to perform services on our behalf and on a need-to-know basis (for example, website hosting, form tools, booking providers, recruitment platforms, and analytics providers);
third parties that support our business operations and service delivery, including booking, operational, and technology partners, where applicable;
marketing and advertising partners that support marketing activities and campaign measurement, subject to your preferences and applicable law;
public authorities or government bodies, where required or permitted by law;
third parties involved in a business transaction, such as a merger, sale, reorganization, or financing, as permitted by applicable law; and
any other third party, where you have provided your consent to such disclosure.

How Do We Keep Your Personal Data Safe?

Level is committed to protecting the personal data we collect, use, disclose, and otherwise process. We maintain appropriate administrative, technical, and physical safeguards and take reasonable steps designed to protect personal data against unauthorized access, disclosure, alteration, or destruction.

Our security measures may include restricted access to facilities, access controls, information technology security measures such as firewalls and role-based permissions, and internal policies and training. Access to personal data is limited to employees and third parties who have a legitimate business need to access such information.

Where Is Your Personal Data Stored?

The personal data we collect may be stored or processed on servers located in Canada and the United States and may also be processed in other jurisdictions depending on where our service providers operate.

We take appropriate steps to ensure that cross-border transfers of personal data comply with applicable law. We only transfer personal data to third parties where we are satisfied that appropriate safeguards are in place to protect your personal data.

Where personal data subject to the GDPR is transferred outside the European Union, United Kingdom, or Switzerland to jurisdictions that are not considered to provide an adequate level of protection, we rely on appropriate safeguards, which may include standard contractual clauses approved by the European Commission or other lawful transfer mechanisms.

How Long Do We Retain Your Personal Data?

Level retains personal data only for as long as necessary to fulfill the purposes for which it was collected and to meet legal, regulatory, tax, accounting, or business requirements.

We maintain retention practices, and where applicable retention schedules, that define how long personal data is retained and how it is securely destroyed, erased, or anonymized when it is no longer required.

Personal Data from Minors

Our websites and services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.

If you are a parent or guardian and believe that a minor has provided us with personal data, please contact us using the details below. If we become aware that we have collected personal data from a minor without appropriate authorization, we will take steps to delete such information in accordance with applicable law.

What Rights Do You Have Regarding Your Personal Data?

Subject to applicable law and certain exceptions, you may have rights regarding your personal data, including the right to:

request access to personal data we hold about you;
request correction of inaccurate or incomplete personal data;
request deletion of personal data, in certain circumstances;
request restriction of processing or object to processing, where permitted by law; and
request to receive your personal data in a commonly used electronic format, where applicable.

To process your request, we may require additional information to verify your identity. We will respond within the timeframes required by applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with a relevant supervisory or regulatory authority.

If processing is based on your consent, you may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.

Requests may be submitted by email to [email protected] or through our privacy request form.

U.S. Residents

If you are a resident of the United States, including California, you may have additional rights under applicable U.S. state privacy laws, including rights relating to targeted advertising, sale or sharing of personal data, sensitive personal data, and appeals of privacy rights decisions.

Details regarding U.S.-specific rights and how to exercise them are set out in our Supplemental U.S. Privacy Notice, available at:

Supplemental U.S. Privacy Notice.

Links to Other Websites and Applicable Privacy Notices

Our websites may contain links or references to third-party websites or services (for example, booking providers, recruitment platforms, or other tools).

Level does not control these third-party websites or services, and this Privacy Notice does not apply to them. If you click a link and leave our website, the privacy notice of the third party applies to information collected on that website or service.

Some third-party services may be integrated into our websites (such as chat tools or booking widgets). When you use these integrated services, the third party may collect and process your personal data. We encourage you to review the privacy notices of all third-party websites and services you use.

How to Contact Our Privacy Committee

We welcome your feedback or any questions regarding our Privacy Notice or the use of your personal data. . We can be reached at the following address:

by email at: [email protected]
by mail: Onni Group of Companies, 200-1010 Seymour Street, Vancouver, BC V6B 3M6
by phone: 604-602-7711

How We Update This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or business operations. Any updates will be effective when posted on the Site. The “Last Updated” date indicates when this Privacy Notice was most recently revised.

Modern living room with gray sofas, a round coffee table, wall-mounted TV, and minimalist decor. Large windows and an open door let in natural light; a bedroom is visible in the background.

Get on the list.

Receive exclusive access to stay offers, events & more

Yes, I would like to sign up for the newsletter.

By signing up, you’ll receive emails from Onni Group Hospitality Collection about our properties, services, offers, and other updates. You can unsubscribe at any time using the link in our emails.

Where would you like to stay?

When would you like to stay?