Privacy Policy

This Privacy Policy (“Policy”) explains what information we collect, how we use it, with whom we share it, and the choices you have to control, access, and update your information when you browse our website, https://www.esbnyc.com/ (the “Website”),  or use any services that we may offer through this website (collectively, the “Services”).

Table of Contents

  1. Who are we?
  2. How do we collect information from you?
  3. Cookies and other technologies
  4. How do we use your information?
  5. Who has access to your information?
  6. Our Legal Bases for Processing and Sharing Your Information
  7. Cross Border Transfer
  8. How do we store and protect your information?
  9. How long we retain your information
  10. Your choices with respect to your information
  11. Privacy of individuals under 18
  12. Links to other websites and services
  13. Browser Do Not Track
  14. California Consumer Privacy Act
  15. EU Data Subject Rights
  16. Contact us
  17. Changes to the Policy

1. Who are we?

Empire State Realty Trust, Inc. (“ESRT”, “we”, “our”, “us”) is a REIT that owns and manages office, retail and multifamily assets in Manhattan and the greater New York metropolitan area, including the Empire State Building, the World’s Most Famous Building. 

2. How do we collect information from you?

We may modify this Privacy Policy at any time at our sole discretion by posting the modifications on our websites. Any modification will be effective upon posting (unless some other date is specified). You should review this Privacy Policy periodically so that you are aware of any modification. Your use of any of our websites constitutes your full acceptance of the Privacy Policy in its then-current form.

When you use the Services we collect information in three ways:
 

(1)       information you provide to us – for example: when you use the “contact us” form on the website;

(2)       information we collect when you use the Services – using “cookies” and other technologies to assess how you use the Services; and

(3)       information we receive from third parties – e.g., third-party analytics or advertising providers.


Information you provide to us:


When you use our Services, we collect information that you choose to share with us. 

If you contact us, for example, you will need to provide us with contact information, such as your full name, phone number, and email address. We also collect any other information that you choose to provide, such as your comments or questions.


Information we automatically collect when you use the Services:


When you use the Services, we collect log file information, which your browser or device automatically reports each time you interact with the Services. This information may include:

  • details about your use of the Services such as when you access our Services and when you return;
  • device information, such as hardware settings, web browser type, and language;
  • internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
  • IP address;
  • identifiers associated with cookies or other technologies that may uniquely identify your device or browser;
  • times you access pages;
  • pages you view, searches you submit;
  • pages you visited before or after navigating to our website; and
  • mobile network information, such as the unique device identifier assigned to your mobile device, mobile carrier, operating system, and other device attributes, when you access the website via a browser on that device.

 

You may also provide us with information when applying for one of our properties. If you are a current or prospective owner or tenant, we or our affiliated entities, property managers or vendors may collect additional information as part of your application or in the course of your ownership or tenancy, such as your current or prior address(es), contact information, date of birth, education, occupation, or employment information, Social Security number or other national identification number, income and other financial information, familial status and information about your dependents, vehicle information, credit information, criminal history, and emergency contact information.

If you are a current tenant and use the ESRT+ Tenant App and/or Web Portal, our property operations service provider may collect information when you register for and/or login to your account, choose to make payments online, if applicable, and about any other communications with us, such as service requests or messages that you send to management.

You are a valued customer, and maintaining your privacy is important to us. If you have any question, please call 212-953-0888.

3. Cookies and other technologies

When you use the Services, we or our third-party providers place a text file called a “cookie” in the browser directory of your computer’s hard drive. These may be session cookies, which expire once you close your browser, or persistent cookies, which stay on your device for a set period of time or until you delete them. We use these cookies to support the functionality of our website, including adjustments to content. Below is more detail about the types of cookies that we use:

  • Required: These cookies are required for the functioning of the website and may be used to implement security features or embed video or sound files.
  • Functional: These cookies record some of your activity on the website, as well as information about your device, such as what browser you are running and what pages you access. This information helps us and our third-party service providers diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
  • Analytics: Our service providers, including Google Analytics, use cookies as part of their tools. These cookies allow our service providers and us to recognize and count the number of users of the website, see how they interact with the website and different functions, and determine how to improve the website.
  • Advertising: These cookies collect information in order to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers on websites that you visit, and in some cases selecting advertisements that are based on your interests.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to disable cookies on your browser (see below), but doing so may prevent you from using the full features of the Services. For information about your choices regarding these technologies, please see “Your Choices with Respect to your Information” below.

Google Analytics:  We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics may set cookies on your browser or mobile device or read cookies that are already there to collect information. Google Analytics may also receive information about you from apps you have downloaded that partner with Google. Google Analytics collects information such as how and how often you use the Services. We use the information provided by Google Analytics to improve the Services. We do not combine the information collected through the use of Google Analytics with personal information. For more information regarding how Google collects, uses, and shares your information please visit http://www.google.com/policies/privacy/partners/.

Social media features: Our Services include social media features, such as Facebook, Twitter, YouTube, Instagram, Pinterest, Weibo, or TikTok buttons. These features may collect your IP address, which page you are visiting while using our Services, and any Facebook cookies on your device (including your Facebook ID). These features may set cookies to enable the feature to function properly. Please note that the social media services may collect this information, even if you are not logged in to the relevant social media account when you are using the Services. Your interactions with these features are governed by the privacy policy of the company providing it.

4. How do we use your information?

We use the information we collect about you in order to improve our Services and provide you with features that interest and work well for you.  We may use the information to:

  • provide you with our Services;
  • provide technical support for using the Services;
  • notify you of changes to our Services;
  • communicate with you about the Services by email, for example, to respond to your technical support inquiries;
  • personalize the Services by customizing the advertising content we provide you;
  • improve ad targeting and measurement (See the “Your Choices with Respect to your Information” section below for more information about our advertising practices and your choices);
  • develop new products and services and improve them and your experience with them;
  • seek your views or comments on the Services we provide;
  • send you information about our products or services and new offers which we think may interest you;
  • monitor and analyze trends and usage;
  • enhance the safety and security of our Services;
  • verify your identity or prevent or detect fraud or other unauthorized or illegal activity;
  • conduct an audit related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
  • debug to identify and repair errors that impair existing intended functionality;
  • for short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
  • perform services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services;
  • undertake internal research for technological development and demonstration;
  • undertake activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us;
  • further any commercial purposes, including any purpose to advance your commercial or economic interests, such as by inducing you to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.
  • enhance the Services and your experience with them;
  • protect the rights, property, or safety of us, our users, or any other person or the copyright-protected content of the Services; and
  • enforce this Policy, the Terms of Use, and any other terms that you have agreed to.

We may analyze your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you and provide targeted advertising. (See the “Your Choices with Respect to your Information” section below for more information about your choices).

5. Who has access to your information?

We may share information collected about you in the following ways:

(1)       With service providers, sellers, and partners;

(2)       With analytics service providers and advertisers;

(3)       With third parties for legal reasons;

(4)       With third parties as part of an acquisition or liquidation; or

(5)       Aggregated information with third parties.

With service providers, sellers, and partners:

We share information about you with service providers to perform functions and process your data and to help provide our Services, including hosting and storage providers or email service providers, payment processors, and property management and operations companies, as well as data brokers and consumer reporting agencies. In addition to using your information to help us provide our Services, service providers may use your personal information internally to improve their own services and may share it in connection with a sale, divestiture, or transfer of business assets; to protect their rights; or to comply with the law. In addition, our providers may share your personal information with their own third-party service providers. They may also combine the information about you that we share with them with contact and social media information related to you that they collect from publicly available sources or from third parties.

With analytics service providers and advertisers:

We let third parties use cookies, web beacons, and similar tracking technologies on our Services. They may collect information about how you use our Services and other websites and online services over time and across different services. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.

Some companies may use information collected on our Services to deliver advertisements on behalf of us or other companies, targeted to your interests and preferences, on other websites or apps you may visit or on your social media feed and to gauge their effectiveness. To learn about your choices regarding this sharing of your information please see “Your Choices with Respect to your Information” section below.

With third parties for legal reasons:

We would share information about you if we reasonably believe that disclosing the information is needed to:

  • comply with any valid legal process, governmental request, or applicable law, rule, or regulation;
  • investigate, remedy, or enforce potential violations of our Terms of Use or Privacy Policy;
  • protect the rights, property, and safety of us, our users, or others; or
  • detect and resolve any fraud or security concerns.

With third parties as part of an acquisition or liquidation:

If we are involved in a merger, asset sale, financing, corporate divestiture, reorganization, or acquisition of all or some portion of our business to another company, or if we undergo liquidation or bankruptcy proceedings, we may share your information with that company before and/or after the transaction closes or the proceedings are completed.

Aggregated information: We also share with third parties—such as advertisers—aggregated or de-identified information and we do not limit our third-party providers from using, selling, licensing, distributing, or disclosing de-identified data.

We do not sell personal information, and we will not sell personal information except as described in this Privacy Policy or if we provide you with notice and a right to opt-out of such sale.

Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We process your information and share it with third parties for the purposes described in this Policy, based on the following legal grounds:

  1. With your consent;
  2. For our legitimate interests;
  3. To fulfill our contractual obligations; and
  4. To comply with legal obligations.

With your consent:

We ask for your consent to process or share your information for specific purposes and you have the right to withdraw your consent at any time. For example, we ask for your consent to provide you with promotional information. We also ask for your consent to collect information through surveys.

For our legitimate interests:

We process and share your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. For example, we process and share your information in order to help us:

  • Maintain and improve our Services;
  • Perform analytics and research aimed at improving the accuracy, effectiveness, usability, or popularity of the Services;
  • Improve the content and features of the Services or develop new content and features;
  • Promote the Services;
  • Detect, prevent, or otherwise address fraud, abuse, security, or technical issues with the Services;
  • Protect against harm to the rights, property, or safety of ESRT, our customers, or the public as required or permitted by law; and
  • Enforce legal claims, including investigation of potential violations of applicable Terms of Use for the Services.

To fulfill our contractual obligations:

We process and share your information to provide a service you have requested under a contract. For example, we process your payment information when you purchase a ticket to visit the Empire State Building.

To comply with legal obligations:

We process and share your information when we have a legal obligation to do so, for example, if we’re responding to legal process or an enforceable governmental request.

7. Cross Border Transfer

We transfer, process, and store information about you on servers located in the United States. Therefore, if you are located outside of the United States, your information will be transferred to, stored, or processed in the United States, whose data protection, privacy, and other laws may not provide the same level of protection as those in your country of residence. For example, government entities in the United States and other countries may have certain rights to access your personal information. If we transfer your information outside of your country of residence in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

By using the Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and to those third parties with whom we share it as described in this Policy.

8. How do we store and protect your information?

We take reasonable precautions to protect your information. Please keep in mind that the Internet is not a 100% secure medium for communication, and we cannot guarantee that the information collected about you will always remain private when using our Services. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

9. How long we retain your information

We will retain your information after you stop using Services to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.

Please note that even if you request that we delete your information, deletion by our third party providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time. Also, information that has already been shared with third parties may not be deleted by them.

10. Your choices with respect to your information

Updating your information: If you need to access, update, or delete other personal information that we may have, you can send a request to optout@esrtreit.com.  To protect your privacy, before we give you access or let you update your information, we may ask you to verify your identity or provide additional information. We will try to update and allow you to access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will disclose the fee before we comply with your request. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.

Emails: You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications or by sending an email to optout@esrtreit.com. We will retain your email address in order to be able to abide by your opt out choice. We make efforts to promptly process all unsubscribe requests. You may not opt out of service-related communications. If you have any questions, you can contact us directly at optout@esrtreit.com. Unsubscribing or opting out of communications with us will not stop communications you receive from third parties separately. Please review their terms and conditions for relevant options for opting out of their communications.

By providing a cell phone number to us, you consent to receive promotional-related text messages or other Empire State Realty Trust-related messages that may be sent using automated means from or on behalf of Empire State Realty Trust. Your consent to receive these messages is not a condition of any purchase. If you would like to stop receiving promotional-related or automated text messages from us, simply reply “STOP” to the text message you received.

Analytics:  You can control the information provided to Google and opt out of certain ads provided by Google by using any of the methods set forth at http://www.google.com/policies/privacy/partners/ or using the Google Analytics opt out browser add-on at http://tools.google.com/dlpage/gaoptout?hl=en.  

Cookies and other technologies: Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Services may not function properly if the ability to accept cookies is disabled.

Turning off your browser’s cookies will also prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded.

If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, which may affect your ability to view images in other emails that you receive. To find out how to see what cookies have been set and how to reject and delete the cookies, please visit: http://www.aboutcookies.org.

Advertising: You can understand which third parties have currently enabled cookies for your browser or mobile device and how to opt-out of some of those cookies by visiting the Network Advertising Initiative’s website at http://optout.networkadvertising.org/#!/; or the Digital Advertising Alliance’s website at http://optout.aboutads.info/#!/ or, if you’re located in the European Union, at http://www.youronlinechoices.eu . For more information on mobile-specific opt-out choices, please visit http://www.networkadvertising.org/mobile-choices.

On your mobile device you may have features that allow you to opt out of some targeted advertising (“Limit Ad Tracking” on iOS devices or “Opt out of Interest-Based Ads” on Android). To learn more about how these opt-out features work, please review your device settings.

Even if you disable the tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed and that you may still receive advertising from third parties, though such advertising may not be based on your interests and preferences.

11. Privacy of individuals under 18

Use of the Services is limited to individuals aged 18 or over or to individuals aged 13-18 that have provided us with valid parental consent. In the event that we learn that we have collected personal information from an individual under 18 without valid parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at Empire State Realty Trust Inc., 111 West 33rd Street, 12th Floor, New York, NY 10120, (212) 687-8700, or https://www.esrtreit.com/contact/.

We do not sell the personal information of California consumers that are less than 16 years of age, unless the consumer (in the case of consumers between 13 and 16 years of age) or the consumer’s parent or guardian (in the case of consumers who are less than 13 years of age) has affirmatively authorized the sale of the consumer’s personal information.

For your convenience and information, our website may contain links to other online services, including to our ESRT+ Tenant App and/or Web Portal, and may also include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently of Empire State Realty Trust. We are not responsible for the practices employed by websites or services linked to or from our website, including the information or content contained in such websites or services, and this Policy does not apply to them. In particular, information collected by our property operations service provider directly, will be collected, used and disclosed in accordance with their privacy policies.  Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies. Please read the terms of such websites carefully and exercise care when providing your personal information.

13. Browser Do Not Track

The Services do not support Do Not Track (“DNT”) at this time. DNT is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit www.donottrack.us.

14. EU Data Subject Rights

Under the General Data Protection Regulation (“GDPR”), if you are an EU resident and we are processing your personal information, you have the following rights:

  • Right of access: You have the right to request a copy of the information that we hold about you.
  • Right of rectification: You have the right to have information that we hold about you that is inaccurate or incomplete corrected.
  • Right to be forgotten: In certain limited circumstances, you have the right to request that we erase from our records the information that we hold about you.
  • Right to restriction of processing: In certain limited circumstances, you have the right to restrict the processing of your information.
  • Right to withdraw consent: If you have provided consent for the processing of your information you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
  • Right of portability: In certain limited circumstances, you have the right to have the information we hold about you transferred to another organization.
  • Right to object: You have the right to object to certain types of processing of your information such as direct marketing (to the extent applicable).
  • Right to object to automated processing, including profiling: You have the right to not be subject to the legal effects of automated processing or profiling (to the extent applicable). 
  • Right to lodge a complaint: You have the right to lodge a complaint to your country’s data protection authority if you believe that we have not complied with the requirements of the GDPR with regard to your personal information.

15. Contact us

If you have any questions about this Policy or the Services, please contact us at: Empire State Realty Trust Inc., 111 West 33rd Street, 12th Floor, New York, NY 10120, (212) 687-8700, or https://www.esrtreit.com/contact/.

16. California Consumer Privacy Act

OPTION 1

As a California resident, you may have certain rights to delete any personal information about you which the business has collected from you, to request that a business that collects personal information about you disclose to you certain information or to opt-out of the sharing of personal information with third parties for marketing purposes. You may submit a request to us through e-mail at optout@esrtreit.com.

We may not be able to honor each request that we receive and may not be required to do so under applicable laws, but if we are unable to do so, we will respond to let you know our reasons. We will not discriminate against you if you choose to exercise any of your rights as described in this section.

OPTION 2

As a California resident, you have the right, under the California Consumer Privacy Act, to:

  • Request that a business delete any personal information about you which the business has collected from you.
  • Request that a business that collects personal information about you disclose to you, free of charge, the following:
    • The categories of personal information that it has collected about you.
    • The categories of sources from which the personal information is collected.
    • The business or commercial purpose for collecting or selling personal information.
    • The categories of third parties with whom the business shares personal information.
    • The specific pieces of personal information it has collected about you.
    • Request that a business that sells your personal information, or that discloses it for a business purpose disclose, free of charge, to you:
    • The categories of personal information that the business collected about you.
    • The categories of personal information that the business sold about you and the categories of third parties to whom the personal was sold, by category or categories of personal information for each third party to whom the personal information was sold.
    • The categories of personal information that the business disclosed about you for a business purpose.
  • Direct a business that sells personal information about you to third parties not to sell your personal information.

You may submit a request under the California Consumer Privacy Act through the following methods:

  • You may call us toll-free at (212) 687-8700
  • You may e-mail us at optout@esrtreit.com.

To submit a request, we are required to verify your identity. We will match the personal information that you provide to us with personal information that we already maintain about you in order to verify your identity. We may also need to contact you to confirm your request.

You may also designate an authorized agent to make such requests on your behalf.

We may not be able to honor each request that we receive, but if we are unable to do so, we will respond to let you know our reasons. We will not discriminate against you if you choose to exercise any of your rights as described in this section.

17. Changes to the Policy

We may make changes to this Policy from time to time, in our sole discretion. When we make changes we deem material, we will provide you with prominent notice as appropriate under the circumstances, e.g., through the Services or by sending you an email. In some cases, we will notify you in advance of the changes taking effect. Please make sure you read any such notice carefully.

This Privacy Policy was last modified in October 2022.