Table of Contents
- Who are we?
- How do we collect information from you?
- Cookies and other technologies
- How do we use your information?
- Who has access to your information?
- Our Legal Bases for Processing and Sharing Your Information
- Cross Border Transfer
- How do we store and protect your information?
- How long we retain your information
- Your choices with respect to your information
- Privacy of individuals under 18
- Links to other websites and services
- Browser Do Not Track
- California Consumer Privacy Act
- EU Data Subject Rights
- Contact us
- Changes to the Policy
1. Who are we?
Empire State Realty Trust, Inc. ("ESRT," “we,” “our,” “us”), a leading real estate investment trust ("REIT"), owns, manages, operates, acquires, and repositions office and retail properties in Manhattan and the greater New York metropolitan area, including the Empire State Building, the world's most famous building. Headquartered in New York, New York, ESRT's office and retail portfolio covers 10.1 million rentable square feet, as of March 31, 2020, consisting of 9.4 million rentable square feet in 14 office properties, including nine in Manhattan, three in Fairfield County, Connecticut, and two in Westchester County, New York; and approximately 700,000 rentable square feet in the retail portfolio.
2. How do we collect information from you?
When you use the Services we collect information in three ways:
- information you provide to us - for example: when you use the "contact us" form on the website or when you submit an application to use our trademarked names and images;
- information we collect when you use the Services - for example: using “cookies” and other technologies to assess how you use the Services; and
- information we receive from third parties - for example: third-party analytics or advertising providers.
Information you provide to us:
When you use our Services, we collect information that you choose to share with us.
If you contact us or fill out an application, for example, to gain permission to use our trademarked name or images, you will need to provide us with contact information, such as your full name, telephone number, and email address. We also collect any other information that you choose to provide, such as your comments or questions or the details of your requests.
If you purchase tickets on the website or at one of the ticketing kiosks at the Empire State Building, you will need to provide us with your name, email address, billing address, and payment card information, as well as contact information for yourself or for the individuals for whom you are purchasing tickets so that we may email them a ticket directly.
If you choose to connect to our wifi network while visiting an ESRT property, we will collect your email address for the purpose of sending emails to you about our products and services. You may also choose to login to the wifi network using your social login credentials, e.g., your Facebook ID and password. If you do this, we will receive information from your Facebook account, including your full name, email address, country of residence, and gender for the purpose of sending emails about our products and services.
The personal information we collect may include, but is not limited to, the following:
- identifiers such as an alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
- signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, credit card number, or any other financial information, medical information, or health insurance information;
- characteristics of protected classifications under California or federal law (sex, race, religion, color, national origin, age, handicaps);
- biometric information;
- audio, electronic, visual, thermal, olfactory, or similar information;
- professional (or employment) related information;
You may opt out of receiving promotional emails from us at any time by clicking on the "Unsubscribe" link in the footer of any email or emailing email@example.com.
Information we automatically collect when you use the Services:
When you use the Services, we collect log file information, which your browser or device automatically reports each time you interact with the Services. This information may include:
- details about your use of the Services such as when you access our Services and when you return;
- device information, such as hardware settings, web browser type, and language;
- internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
- IP address;
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser;
- times you access pages;
- pages you view, searches you submit; and
- pages you visited before or after navigating to our website.
3. Cookies and other technologies
When you use the Services, we or our third-party providers place a text file called a “cookie” in the browser directory of your computer’s hard drive. These may be session cookies, which expire once you close your browser, or persistent cookies, which stay on your device for a set period of time or until you delete them. We use these cookies to support the functionality of our website, including adjustments to content. Below is more detail about the types of cookies that we use:
- Required: These cookies are required for the functioning of the website and may be used to implement security features or embed video or sound files.
- Functional: These cookies record some of your activity on the website, as well as information about your device, such as what browser you are running and what pages you access. This information helps us and our third party service providers diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
- Advertising: These cookies collect information in order to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers on websites that you visit, and in some cases selecting advertisements that are based on your interests.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to disable cookies on your browser (see below), but doing so may prevent you from using the full features of the Services. For information about your choices regarding these technologies, please see “Your Choices with Respect to Your Information” below.
Google Analytics: We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics may set cookies on your browser or mobile device or read cookies that are already there to collect information. Google Analytics may also receive information about you from apps you have downloaded that partner with Google. Google Analytics collects information such as how and how often you use the Services. We use the information provided by Google Analytics to improve the Services. We do not combine the information collected through the use of Google Analytics with personal information. For more information regarding how Google collects, uses, and shares your information please visit http://www.google.com/policies/privacy/partners/.
4. How do we use your information?
We use the information we collect about you in order to improve our Services and provide you with features that interest and work well for you. We use the information to:
- facilitate the purchase of tickets and provide you with our Services;
- provide technical support for using the Services;
- notify you of changes to our Services;
- communicate with you about the Services by email, for example, to respond to your technical support inquiries;
- personalize the Services by customizing the advertising content we provide you;
- improve ad targeting and measurement (See the “Your Choices with Respect to Your Information” section below for more information about our advertising practices and your choices);
- develop new products and services and improve them and your experience with them;
- seek your views or comments on the Services we provide;
- send you information about our products or services and new offers which we think may interest you;
- monitor and analyze trends and usage;
- enhance the safety and security of our Services;
- verify your identity or prevent or detect fraud or other unauthorized or illegal activity;
- to audit related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- to debug to identify and repair errors that impair existing intended functionality;
- for short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
- to perform services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services;
- to undertake internal research for technological development and demonstration;
- to undertake activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us;
- further any commercial purposes, including any purpose to advance your commercial or economic interests, such as by inducing you to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.
- enhance the Services and your experience with them;
- protect the rights, property, or safety of us, our users, or any other person or the copyright-protected content of the Services; and
We may analyze your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you and provide targeted advertising. (See the “Your Choices with Respect to Your Information” section below for more information about your choices).
5. Who has access to your information?
We may share information collected about you in the following ways:
- With service providers, sellers, and partners;
- With analytics service providers and advertisers;
- With third parties for legal reasons;
- With third parties as part of an acquisition or liquidation; or
- Aggregated information with third parties.
With service providers, sellers, and partners:
We share information about you with service providers to perform functions and process your data and to help provide our Services, including hosting and storage providers or email service providers. In addition to using your information to help us provide our Services, service providers may use your personal information internally to improve their own services and may share it in connection with a sale, divestiture, or transfer of business assets; to protect their rights; or to comply with the law. In addition, our providers may share your personal information with their own third-party service providers. They may also combine the information about you that we share with them with contact and social media information related to you that they collect from publicly available sources or from third parties.
With analytics service providers and advertisers:
Some companies may use information collected on our Services to deliver advertisements on behalf of us or other companies, targeted to your interests and preferences, on other websites or apps you may visit or on your social media feed and to gauge their effectiveness. To learn about your choices regarding this sharing of your information please see “Your Choices with Respect to Your Information” section below.
With third parties for legal reasons:
We would share information about you if we reasonably believe that disclosing the information is needed to:
- comply with any valid legal process, governmental request, or applicable law, rule, or regulation;
- protect the rights, property, and safety of us, our users, or others; or
- detect and resolve any fraud or security concerns.
With third parties as part of an acquisition or liquidation:
If we are involved in a merger, asset sale, financing, corporate divestiture, reorganization, or acquisition of all or some portion of our business to another company, or if we undergo liquidation or bankruptcy proceedings, we may share your information with that company before and/or after the transaction closes or the proceedings are completed.
We also share with third parties—such as advertisers—aggregated or de-identified information and we do not limit our third-party providers from using, selling, licensing, distributing, or disclosing de-identified data.
6. Our Legal Bases for Processing and Sharing Your Information
We process your information and share it with third parties for the purposes described in this Policy, based on the following legal grounds:
- With your consent;
- For our legitimate interests;
- To fulfill our contractual obligations; and
- To comply with legal obligations.
With your consent:
We ask for your consent to process or share your information for specific purposes and you have the right to withdraw your consent at any time. For example, we ask for your consent to provide you with promotional information. We also ask for your consent to collect information through surveys.
For our legitimate interests:
We process and share your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. For example, we process and share your information in order to help us:
- Maintain and improve our Services;
- Perform analytics and research aimed at improving the accuracy, effectiveness, usability, or popularity of the Services;
- Improve the content and features of the Services or develop new content and features;
- Promote the Services;
- Detect, prevent, or otherwise address fraud, abuse, security, or technical issues with the Services;
- Protect against harm to the rights, property, or safety of ESRT, our customers, or the public as required or permitted by law; and
To fulfill our contractual obligations:
We process and share your information to provide a service you have requested under a contract. For example, we process your payment information when you purchase a ticket to visit the Empire State Building.
To comply with legal obligations:
We process and share your information when we have a legal obligation to do so, for example, if we’re responding to legal process or an enforceable governmental request.
7. Cross Border Transfer
We transfer, process, and store information about you on servers located in the United States. Therefore, your information may be transferred to, stored, or processed in the United States, whose data protection, privacy, and other laws may not provide the same level of protection as those in your country of residence. For example, government entities in the United States and other countries may have certain rights to access your personal information. If we transfer your information outside of your country of residence in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
By using the Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and to those third parties with whom we share it as described in this Policy.
8. How do we store and protect your information?
We take reasonable precautions to protect your information. Please keep in mind that the Internet is not a 100% secure medium for communication, and we cannot guarantee that the information collected about you will always remain private when using our Services. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
9. How long we retain your information
We will retain your information after you stop using Services to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.
Please note that even if you request that we delete your information, deletion by our third party providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time.
10. Your choices with respect to your information
Updating your information: If you need to access, update, or delete other personal information that we may have, you can send a request to firstname.lastname@example.org. To protect your privacy, before we give you access or let you update your information, we may ask you to verify your identity or provide additional information. We will try to update and allow you to access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will disclose the fee before we comply with your request. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.
Emails: You can stop receiving promotional email communications – such as our newsletter – from us by clicking on the “unsubscribe link” provided in such communications. We will retain your email address in order to be able to abide by your opt out choice. We make efforts to promptly process all unsubscribe requests. You may not opt out of service-related communications. If you have any questions, you can contact us directly at email@example.com. Unsubscribing or opting out of communications with us will not stop communications you receive from third parties separately. Please review their terms and conditions for relevant options for opting out of their communications.
Analytics: You can control the information provided to Google and opt out of certain ads provided by Google by using any of the methods set forth at http://www.google.com/policies/privacy/partners/ or using the Google Analytics opt out browser add-on at http://tools.google.com/dlpage/gaoptout?hl=en.
Cookies and other technologies: Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Services may not function properly if the ability to accept cookies is disabled.
Turning off your browser’s cookies will also prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded.
If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, which may affect your ability to view images in other emails that you receive. To find out how to see what cookies have been set and how to reject and delete the cookies, please visit: http://www.aboutcookies.org.
Advertising: You can understand which third parties have currently enabled cookies for your browser or mobile device and how to opt-out of some of those cookies by visiting the Network Advertising Initiative’s website at http://optout.networkadvertising.org/#!/; or the Digital Advertising Alliance’s website at http://optout.aboutads.info/#!/ or, if you’re located in the European Union, at http://www.youronlinechoices.eu . For more information on mobile-specific opt-out choices, please visit http://www.networkadvertising.org/mobile-choices.
On your mobile device you may have features that allow you to opt out of some targeted advertising (“Limit Ad Tracking” on iOS devices or “Opt out of Interest-Based Ads” on Android). To learn more about how these opt-out features work, please review your device settings.
Even if you disable the tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed and that you may still receive advertising from third parties, though such advertising may not be based on your interests and preferences.
11. Privacy of individuals under 18
Use of the Services is limited to individuals aged 18 or to individuals aged 13-18 that have provided us with valid parental consent. In the event that we learn that we have collected personal information from an individual under 18 without valid parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at ESRT Observatory TRS, L.L.C., 111 West 33rd Street, 12th Floor, New York, NY 10120, (212) 687-8700.
We do not sell the personal information of California consumers that are less than 16 years of age, unless the consumer (in the case of consumers between 13 and 16 years of age) or the consumer’s parent or guardian (in the case of consumers who are less than 13 years of age) has affirmatively authorized the sale of the consumer’s personal information.
12. Links to other websites and services
We are not responsible for the practices employed by websites or services linked to or from our website, including the information or content contained in such websites or services, and this Policy does not apply to them. Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies. Please read the terms and privacy policies of such websites carefully and exercise care when providing your personal information.
The TripAdvisor Banner on our website contains content displayed on the TripAdvisor app and the treatment of such content is governed by the terms and policies of TripAdvisor.
13. Browser Do Not Track
The Services do not support Do Not Track ("DNT") at this time. DNT is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit https://www.eff.org/issues/do-not-track.
14. California Consumer Privacy Act
As a California resident, you have the right, under the California Consumer Privacy Act, to:
- Request that a business delete any personal information about you which the business has collected from you.
- Request that a business that collects personal information about you disclose to you, free of charge, the following:
- The categories of personal information that it has collected about you.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom the business shares personal information.
- The specific pieces of personal information it has collected about you.
- Request that a business that sells your personal information, or that discloses it for a business purpose disclose, free of charge, to you:
- The categories of personal information that the business collected about you.
- The categories of personal information that the business sold about you and the categories of third parties to whom the personal was sold, by category or categories of personal information for each third party to whom the personal information was sold.
- The categories of personal information that the business disclosed about you for a business purpose.
- Direct a business that sells personal information about you to third parties not to sell your personal information.
You may submit a request under the California Consumer Privacy Act through the following methods:
- You may call us toll-free at (212) 687-8700
- You may e-mail us at firstname.lastname@example.org.
To submit a request, we are required to verify your identity. Please be prepared to provide us with [insert data elements]. We will match the personal information that you provide to us with personal information that we already maintain about you in order to verify your identity. We may also need to contact you to confirm your request.
You may also designate an authorized agent to make such requests on your behalf.
We may not be able to honor each request that we receive, but if we are unable to do so, we will respond to let you know our reasons. We will not discriminate against you if you choose to exercise any of your rights as described in this section
15. EU Data Subject Rights
Under the General Data Protection Regulation ("GDPR"), if you are an EU resident and we are processing your personal information, you have the following rights:
- Right of access: You have the right to request a copy of the information that we hold about you.
- Right of rectification: You have the right to have information that we hold about you that is inaccurate or incomplete corrected.
- Right to be forgotten: In certain limited circumstances, you have the right to request that we erase from our records the information that we hold about you.
- Right to restriction of processing: In certain limited circumstances, you have the right to restrict the processing of your information.
- Right to withdraw consent: If you have provided consent for the processing of your information you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- Right of portability: In certain limited circumstances, you have the right to have the information we hold about you transferred to another organization.
- Right to object: You have the right to object to certain types of processing of your information such as direct marketing (to the extent applicable).
- Right to object to automated processing, including profiling: You have the right to not be subject to the legal effects of automated processing or profiling (to the extent applicable).
- Right to lodge a complaint: You have the right to lodge a complaint to your country's data protection authority if you believe that we have not complied with the requirements of the GDPR with regard to your personal information.
16. Contact us
If you have any questions about this Policy or the Services, please contact us at: ESRT Observatory TRS, L.L.C., 111 West 33rd Street, 12th Floor, New York, NY 10120, (212) 687-8700.
17. Changes to the Policy