Effective Date: June 14, 2019

Last Updated: March 22, 2021

WhyHotel, Inc. (together with its subsidiaries,"WhyHotel," "we, " "our" or "us") respects your privacy and is committed to protecting it through our compliance with this privacy policy. WhyHotel offers fully furnished apartments (the " Guest Units") in newly built apartment buildings (individually or collectively, the "Property") on a long or short-term basis for guests ("you") to stay. As used in this privacy policy, the term "you" includes any individual who makes a reservation for or rents a Guest Unit, is staying a Property, accesses or uses a Guest Unit, our website ( http://whyhotel.com), WhyHotel mobile applications, various systems at our properties, in-room systems, and other mobile features that we operate (collectively, the " Site") or the other WhyHotel Services (defined below).

This privacy policy explains our policies and practices regarding the information we collect from and about you. It is through this privacy policy that we intend to provide you with a level of comfort and confidence in how we collect, use, and safeguard personal and other information we collect and obtain, or that you provide through the Sites and how you can contact us if you have any questions or concerns. It is our sincere hope that by explaining our data handling practices we will develop a trusting and long-lasting relationship with you.

California and Nevada residents should also review the Privacy Policy Supplements for California and Nevada Residents at the end of this policy.

Please note that by making a reservation for or renting a Guest Unit, staying at a Property or accessing or using the Site and/or the various other related services, features, functions, software, applications, websites and networks provided by WhyHotel or other features, functions, services or products offered or made available by WhyHotel (together with the Guest Units, the Property and the Site, collectively, the "WhyHotel Services"), you are accepting the practices described in this privacy policy. This privacy policy is also incorporated by reference into the Terms and Conditions (as modified from time to time, the "Terms"), and the various other policies, agreements and terms and conditions that govern your making a reservation or renting a Guest Unit or your use of the Site and the other WhyHotel Services.

This privacy policy describes the types of information we may collect from you or that you may provide when you make a reservation for or rent a Guest Unit or access or use the Site and/or the other WhyHotel Services, and our practices for collecting, using, maintaining, protecting and disclosing that information.

This privacy policy applies to information we collect or may collect from you:

• In accessing and using the Site.
• In making a reservation for a Guest Unit.
• In checking-in and renting a Guest Unit.
• In accessing and using the other WhyHotel Services.
• When you use one of our booking partners that sell bookings for us (e.g., Airbnb, HotelTonight, Expedia, Booking.com, Priceline, Homeaway, Craigslist and other booking services, collectively, " Booking Partners").
• In e-mail, text and other electronic messages, including SMS messages, sent through or in use of the Site and the other WhyHotel Services, including the WhyHotel mobile application.
• When you interact with the other users of the Site and the other WhyHotel Services.
• When you send any content through the Site or any of the other WhyHotel Services.
• Through services provided to us by third-party companies, agents or contractors, including our Booking Partners and Payment Processors.

It does not apply to information collected by any third party, including our Booking Partners and Payment Processors, to the extent the same information is not also collected by us.

Please read this privacy policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your only choice is not to make a reservation or rent a Guest Unit or use the Site or the other WhyHotel Services. By making a reservation or renting any Guest Unit or accessing or using the Site or any of the other WhyHotel Services, you agree to this privacy policy. This privacy policy may change from time to time. Your continued use of the Site and/or any of the other WhyHotel Services, after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Minors under the Age of 21

Minors under 21 years of age may not make a reservation for a Guest Unit (although minors under 21 years of age may stay with a guest who is 21 years or older in accordance with the Terms). No one under age 13 may provide any information on or through the Site or the other WhyHotel Services. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on or through any of the WhyHotel Services or any of its features on the Site, and do not use any of the interactive or public comment features of any of the WhyHotel Services or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child under 13, please contact us at privacy@whyhotel.com.

Personal Information We Collect About You and How We Collect It

In general, we collect Personal Information that you submit to us in the process of creating or editing your account and profile on the Site or that you submit to us voluntarily through your use of the Site or when you visit/stay as a guest at one of our Properties, purchase related services and interact with us offline. Information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer or household is "Personal Information." Personal Information does not include information that has been de-identified or otherwise made anonymous or information that has been aggregated such that it is no longer possible to identify any specific individual.

We may collect several types of Personal Information from and about you and other Guests of the Guest Units and the users of the Site and the other WhyHotel Services, including:

• Information by which you may be personally identified, such as name, e-mail address, address, phone number and other information from your driver's license or passport ;
• Information that you provide in making a reservation for a Guest Unit;
• Personal Information that you provide when you check-in, including information that is collected when we scan your ID (e.g., driver's license, passport and other identifying documents);
• Information relating to your use of the Guest Unit (e.g. noise levels, food and beverage usage and internet connection information);
• Financial and billing information, such as billing name and address, business title, work contact address, credit card number or debit card number;
• Your IP address and date and time of visit;
• Usage details and information, including how you communicate with other users of the Site and the other WhyHotel Services;
• Device, internet and mobile information such as the hardware model, operating system version, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number);
• Travel-related information, such as your frequent flyer number, honors or rewards numbers, preferred airlines, rental car providers, and travel history;
• If you or your organization plans an event or meeting at one our facilities, we may collect Personal Information related to the event or meeting such as the guest list and information about the guests at your event;
• When you report a problem with a Guest Unit, the Site or any of the other WhyHotel Services;
• Records and copies of your correspondence (including e-mail addresses), if you contact us;
• Details of transactions you carry out through the Site and any of the other WhyHotel Services;
• Your search queries on or through any of the Site or the other WhyHotel Services; and
• Reviews and testimonials that you provide.

We may obtain both Personal Information and non-identifiable information about you from business partners, contractors, suppliers, and other third parties and add it to your account information or other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Site, with information obtained from other sources. This helps us improve the information's overall accuracy and completeness, and also helps us better tailor our interactions with you.

We may obtain both Personal Information and non-identifiable information about you:

• Directly from you when you provide it to us;
• Automatically as you navigate through or use the Site, using technologies like cookies and other tracking technologies, error reports, and usage data collected when you interact with our Site, stay at a Property and the other WhyHotel Services; and
• From third parties, business partners and other third parties that provide us or you with certain services, including from your use of, and interactions with, us and others on social media, including, but not limited to, Facebook and similar social media platforms (collectively, "Social Media");
• From business partners, contractors, suppliers, and other third parties.

Certain transactions may also involve you calling us or our calling you. Please be aware that we may monitor and, in some cases record such calls for staff training or quality assurance purposes.

You may now or in the future provide pictures, text, data, information and other input or any other content linked, posted, and/or submitted by you or other users to be published or displayed (hereinafter, "posted") on or through the Site or any of our social networking pages (e.g., Facebook, Twitter, Instagram and other similar networking pages), or transmitted to third parties or other users of or any of the other WhyHotel Services (collectively, "User Content"). Your User Content is posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site or the other WhyHotel Services, or our social networking pages, with whom your User Content is shared. Therefore, we cannot and do not guarantee that your User Content will not be viewed, downloaded or shared by unauthorized persons.

Use of Cookies and Other Tracking Technologies

Similar to other websites, we use cookies and other similar technologies (such as tags, pixels, web beacons, web bugs, JavaScript, device IDs) to automatically collect certain technical information from your web browser, mobile, or other device when you visit our Site. This data may include, but is not limited to, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below and in our Cookie Notice, allows us to provide more personalized high-quality services to you and to track usage of the Site.

The technologies we use for automatic data collection may include:

• Cookies (or browser cookies).A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Site.
• Flash Cookies.Certain features of the Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on the Site. Flash cookies are not managed by the same browser settings as are used for browser cookies.
• Other Technologies (e.g., tags, pixels, java script). These technologies may be used for the same purposes as cookies and stored on your hard drive until they expire. These technologies are used to enhance your experience and gather usage and performance data. For example, we may use pixels to automatically record certain technical information about your interactions when you visit the Site or otherwise engage with us, to help deliver cookies on our Site, or count users who have visited the Site. We may also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. "Pixels" are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of Site users. Unlike cookies, which are stored on a user's computer hard drive, pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through pixels allows us to effectively promote the Site to various populations of users, and to optimize external advertisements about the Site that appear on third-party websites. For more information, please see our Cookie Notice. As with cookies, we use these technologies for the preservation of our legitimate interests, to provide a service that is requested by you and, where applicable, on the basis of your consent.
• Third Party Analytics Providers. Cookies and other Cookies and other technologies we use include Google Analytics, Hubspot and similar third party analytics providers ("Analytics Providers"). We use these to collect information about Site usage and the users of the Site. Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Site, including information about the pages where users enter and exit the Site and what pages users view on the Site, time spent, browser, operating system, and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Site and when the user visits other websites. Analytics Providers use the information they collect from the Site and other websites to share with us and other website operators' information about users including age range, gender, geographic regions, general interests, and details about devices used to visit the Site and other websites and purchase items. For more information regarding Google's use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout). For more information about the use of third party Cookies and other similar technologies can be found in our Cookie Notice.

Advertising

We use third party service providers to serve advertisements or collect data on our behalf across the internet and on this Site ("Advertisers"). Some of these Advertisers may collect your Personal Information about your Site visits and your interactions with our products and services to tailor marketing messages on other sites, or to trigger real-time interactions, customize the Site, or enhance your profile (also referred to as "online behavioral advertising" or "interest-based advertising"). If you would like more information about Advertisers' practices, please see http://optout.aboutads.info/#!/. You may find more information about entities involved in online advertising and additional choices you may make, including opt-out of having your information used for internet-based advertising, through the Digital Advertising Alliance (the "DAA") at the DAA consumer choice service. The tools provided at the DAA opt-out page are provided by third parties, not WhyHotel. WhyHotel does not control or operate these tools or the choices that advertisers and others provide through these tools. For more details on this technology and for details of how you may be able to opt-out of the use of your information for this purpose see our Cookie Notice.

Do Not Track Policy

Your web browser may offer you a "Do Not Track" option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We do not honor any web browser "Do Not Track" signals or other mechanisms that provide you with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party websites or online services. At present, no universally accepted standards exist on how companies should respond to do-not-track signals. In the event a final universally accepted standard is established, we will assess and provide a response to these signals.

Third-Party Responsibilities and Services

We use or partner with other third-party companies, agents or contractors for various purposes in connection with our business and operations ("Service Providers"), including, our Booking Partners, making reservations, texting, ID scanning, CRM, property management, billing and payments, credit card gateway, cloud hosting, relationship building, the marketing and growth of our business and the performance of services on our behalf, such as gathering and analyzing information and the provision of services to you. In the course of performing these responsibilities and providing such services, these other companies may have access to your information, including your Personal Information. We may also share information, including your Personal Information and other information, with these Service Providers in order to enable them to perform these responsibilities and to provide these services. Many Service Providers have adopted their own privacy policies, which are not subject to control by WhyHotel. You should always review the policies of these Service Providers to make sure that you are comfortable with the ways in which they collect, use, maintain, protect and disclose your information. We do not specifically list our current Service Providers because they change from time to time. If you would like the names of our Service Providers (if we are permitted to disclose), please email us at privacy@whyhotel.com.

The Service Providers may also transmit cookies to your computer or device, when you click on ads that appear on or through the Service. Also, if you click on a link to a third-party website from the Site, including, links to news and articles about us and the Properties, such third party may also transmit cookies to you and we do not have any control over that. Please be aware that cookies placed by third parties may continue to track your activities online even after you are no longer using any of our Services, and those third parties may not honor "Do Not Track" requests you have set using your web browser.

Booking Engine

We use one or more third-party service providers to take bookings through our Site. We do this to provide a reliable and secure booking process while concentrating on our real business of hospitality. Any personal information you share when making a booking will be shared with those service providers and may be transferred to where they are located in order to process it. We remain the controller of your personal information and these service providers only receive your information for purposes of providing reservation booking services. If you would like any additional information regarding our individual service providers, please contact us.

Links to Other Websites

Our Site may contain links to other websites. If you choose to click on a link to an advertiser or other third- party website, you will be directed to that party's website. We do no control third party websites which may place their own cookies or other files on your computer, collect data, solicit personal information or follow different rules regarding the use or disclosure of the personal information. We encourage you to read the privacy policies or statements of the other websites you visit. The fact that we link to a website or present an advertisement is not an endorsement or representation of our affiliation with that party, nor an endorsement of its privacy policies.

How We Use Your Information

We will only use information that we collect about you or that you provide to us, including any Personal Information for the purposes described in this Privacy Policy and when applicable law allows us to do so. We will generally use your information based on the following legal grounds:

• Where the use of your information is necessary for the performance of a contract that we are about to enter into or have entered into with you or a third party;
• Where the use is necessary for the purposes of our legitimate interests (or those of a third party);
• Where we need to comply with a legal or regulatory obligation; or
• Where you have given your consent (which can be withdrawn at any time).

We use information that we collect about you or that you provide to us for the following purposes:

• To provide you the Guest Units, the Site and other WhyHotel Services and the other services and products that you request from us.
• To provide you with notices about your reservation.
• To manage Guest services and requests while staying in a Guest Unit.
• To provide the Site and its content to you.
• To provide technical and other support to you.
• To solicit reviews.
• To generate leads.
• To send you promotional communications, such as providing you with information about the Guest Units, services, features, surveys, newsletters, offers and events; and providing other news or information about us, our customers and our select partners; provided that you have given your consent if required by applicable law.
• To enable Service Providers to perform certain responsibilities and provide certain services in connection with our business and operations.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from the Terms and any other agreements entered into between you and us, including for billing and collection.
• To carry out our obligations and enforce our rights under agreements with third parties including, without limitation, owners and managers of the Property.
• To notify you about changes to the Guest Units, the Site and the other WhyHotel Services.
• To allow you to participate in interactive features on or through any of the WhyHotel Services.
• To enhance the safety and security of all of the Site and the other WhyHotel Services.
• To verify your identity and prevent fraud or other unauthorized or illegal activity.
• To enable marketing, remarketing and targeted advertising and similar services from us or Service Providers, including direct and indirect marketing and on-line behavioral advertising regarding our own and third-party products and services that we believe may be of interest to you, including advertisement on third party websites; provided that you have given your consent if required by applicable law.
• To perform targeted and other advertising on third party websites.
• In any other way we may describe when you provide the information.
• To comply with any court order, law or legal process, including to respond to any government or regulatory request.
• If we believe use is necessary or appropriate to protect the rights, property, or safety of you, WhyHotel, the Property, our customers or others.
• With your consent, we may post a review or testimonial along with your name. If you want your testimonial removed please contact us.
• For any other purpose with your consent.

We may also use any information that has been anonymized or in an aggregated form that does not directly identify you for any purpose (including to create and distribute marketing materials such as testimonials, case studies, white papers, savings calculators and other similar purposes) to the extent not prohibited under any applicable law or regulation.

Some of the information that we collect automatically is statistical data and does not include Personal Information, but we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties or you provide to us. It helps us to improve the Guest Units, the Site and the other WhyHotel Services, and to deliver a better and more personalized service, including enabling us to:

• Estimate our audience size and better understand usage patterns.
• Store information about your preferences, enabling us to customize the Site according to your individual interests.
• Speed up your searches.
• Recognize you when you return to the Site.

Storage and Transfer of Your Information

We may store any information that we collect (Personal Information or otherwise) ourselves or in databases owned and maintained by us, our affiliates, agents or Service Providers. If you access or use the Site or any of the other WhyHotel Services outside of the United States, information that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of information out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by WhyHotel and you. By allowing WhyHotel to collect information about you, you consent to such transfer and processing of such information without restriction. We may also store some information locally on your computer or other devices. For example, we may store information as local cache so that you can open the Site and view content faster.

Although users from all over the world may access the Site and the other WhyHotel Services, keep in mind that no matter where you live or where you happen to use our Services, you consent to us processing and transferring information in and to the United States and other countries whose data-protection and privacy laws may offer fewer protections than those in your home country.

Disclosure of Your Information

We may disclose anonymized or aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Information and Non-Personal Information that we collect or you provide as described in this Privacy Policy:

• To our subsidiaries and affiliates.
• To the owners and/or managers of the Property.
• To Service Providers, contractors and other third parties we use to support our business, including credit card payment processors and marketing support.
• To a potential or actual buyer, assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the WhyHotel's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by WhyHotel about you and other users of the Site is among the assets that may be or are actually transferred.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your Personal Information and other information:

• To comply with any court order, law or legal process, including to respond to any government or regulatory request.
• To enforce or apply the Terms and any other agreements between you and us, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of WhyHotel, the Property, our customers or others.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Promotional Offers from WhyHotel.If you do not wish to have your e-mail address/contact information used by WhyHotel to promote our own or third parties' products or services, you can opt out through the unsubscribe mechanism at the bottom of the applicable email. This opt out does not apply to information provided to WhyHotel as a result of a service or product purchase, product service experience or other transactions. You can also contact us at privacy@whyhotel.com or the address provided in the "Contact Information" section below to unsubscribe from communications.
• SMS Messages. If you do not wish to receive SMS messages, you can cancel SMS services at any time. To do so, text "STOP" to the short code. After you send the SMS message "STOP" to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, text "UNSTOP" to the short code and we will start sending SMS messages to you again.
• We do not control third parties' collection or use of your information to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info andhttp://www.networkadvertising.org/choices/. You may also use TRUSTe's Preference Manager athttp://preferences-mgr.truste.com.

Accessing and Correcting Your Information

You may change, correct or delete any Personal Information that you have provided to us by contacting us by e-mail at privacy@whyhotel.com. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Content from any of the WhyHotel Services (including any User Content stored in the cloud), copies of your User Content may remain viewable in cached and archived pages, or might have been copied or stored by other users of the Servers or the Site. Proper access and use of information provided on or through any of the WhyHotel Services, including User Content, are governed by the Terms.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Site that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to us at privacy@whyhotel.com or write to us at: WhyHotel, Inc., 1140 3rd St NE 4th Fl, Suite B, Washington, DC 20002, USA.

Your Rights When We Process Your Personal Information

You have the right to ask us not to process your Personal Information for marketing purposes. We will usually inform you (before collecting your Personal Information) if we intend to use your Personal Information for such purposes or if we intend to disclose your Personal Information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Information. You can also exercise the right by contacting us directly.

Whenever you choose to be a guest or visitor at one of Properties, we aim to provide you with choices about how we use your Personal Information. Subject to applicable law, you may obtain a copy of Personal Information we maintain about you. In addition, if you believe that Personal Information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the "Contact Information" section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.

You can choose not to provide Personal Information. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (e.g., we cannot take a reservation without your name and contact information).

The rights that you may enforce as described in this section may vary depending on the jurisdiction in which you reside. Please review the below Privacy Policy Supplement for California and Nevada Residents for more information on your rights and how to exercise your rights. You can exercise any of these rights by contacting us at privacy@whyhotel.com or write to us at: WhyHotel, Inc., 1140 3rd St NE 4th Fl, Suite B, Washington, DC 20002, USA.

How Long We Store Your Personal Information

We will only retain your Personal Information, in a form which permits us to identify you, for as long as necessary to fulfil the purposes we collected it for. We will retain and use your Personal Information as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. After that, we will either securely delete or anonymize your Personal Information so that it cannot be linked back to you.

Data Security

We understand that the security of your Personal Information is important. We provide reasonable administrative, technical, and physical security controls to protect your Personal Information. However, despite our efforts, no security controls are 100% effective and WhyHotel cannot ensure or warrant the security of your personal data. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to and use of the Site and/or the other WhyHotel Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of any of the WhyHotel Services as the information you share in public areas may be viewed by any other user of the Site and the other WhyHotel Services.

Changes to Our Privacy Policy

We may post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the home pages of the Site for at least 30 days and/or notify you of such changes by email. If we make material changes to how we treat your Personal Information or other information that are materially less protective than provided in this privacy policy, we will use reasonable efforts to notify you by e-mail using the e-mail address specified in your account and/or through a notice on the home page of the Site to attempt to secure your consent to the changes. The date the privacy policy was last updated is identified above. You are responsible for ensuring that we have an up-to-date, active and deliverable e-mail address for you, and for periodically visiting the Site and this privacy policy to check for any changes. Like our Terms, of which this privacy policy is a part, your use, and/or continued use after our efforts to contact you, of the Site or any of the other WhyHotel Services, means that you agree to be bound by such changes.

Survival

The policies indicated in this privacy policy will remain effective, even if the Terms and the other agreements between you and us are terminated and you are no longer renting any Guest Units or using the Site or any of the other WhyHotel Services.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices or if you need to reach us for any other reason, you may contact us by e-mail at privacy@whyhotel.com or by mail at WhyHotel, Inc., 1140 3rd St NE 4th Fl, Suite B, Washington, DC 20002, USA.

Privacy Policy Supplements for California and Nevada Residents

CALFORNIA RESIDENTS

Information Collected About Californians

In the past twelve (12) months, we have obtained the following categories of Personal Information from California users.

We obtain the categories of Personal Information listed above from the sources listed in the, "Personal Information We Collect About You and How We Collect It" section of our Privacy Policy, and as summarized by category below:

• Directly from our guests or their agents. For example, from information that our guests provide to us in order to reserve a room at a hotel location.
• Indirectly from our guests or their agents. For example, through information we collect from our guests in the course of providing Services to them.
• Directly and indirectly from activity on our website (www.whyhotel.com). For example, from website usage details that are collected automatically. In addition, like many companies, we use "cookies" which are small text files a website can use to recognize repeat users, facilitate the user's ongoing access to and use of the site and to track usage behavior of, for example, the webpages you visit.
• From Social Media websites.
• From strategic business partners that assist us in providing certain transactions and services (e.g. reservations and bookings service providers, online travel agencies, credit card providers, payment processing, Social Media, product vendors, advertising networks, analytics providers, hosting and other strategic partners).

We use your Personal Information in ways that are consistent with the purposes for which it was collected or authorized by you, including those purposes listed in the, "How We Use Your Personal Information" section of the Privacy Policy.

Information We Share

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:

• Identifiers;
• California Customer Records Personal Information categories;
• Internet or other network activity information;
• Commercial information;
• Internet or other similar network activity;
• Employment; and
• Geolocation Data.

We obtain the categories of Personal Information listed above from the categories of sources listed in the, "Personal Information We Collect About You and How We Collect It" section of our Privacy Policy.

We Do Not Sell Personal Information As Such Activity Would Be Defined Under CCPA

In the preceding twelve (12) months, we have not sold Personal Information.

Rights and Choices for Californians

The CCPA provides California residents with specific rights regarding their Personal Information. This section describes those rights and explains how Californians may exercise those rights.

• Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
• Right to Data Portability. You have the right to a "portable" copy of your Personal Information that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider's servers or information technology environment.
• Right to Delete Your Data. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records, unless an exception applies.
• Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
7. Comply with a legal obligation and any instructions from courts of lawful jurisdiction.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising CCPA Rights

This section explains how California residents can exercise their rights. To exercise your rights under the CCPA to access, data portability, and data deletion as described above, please submit a verifiable consumer request to us by either:

• Calling us at 1-844-529-5076
• Emailing us at privacy@whyhotel.com
• Sending written correspondence to us at the United States mailing address listed under, "Contact Information" section of the Privacy Policy.

Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Our Response to Your Request

Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete Personal Information, we may first separately confirm that you would like for us to in fact delete your Personal Information before acting on your request.

We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the Services you have requested. Where this is the case, we will inform you of specific details in response to your request.

NEVADA RESIDENTS

We Do Not Sell Personal Information As Such Activity Would Be Defined Under Nevada Privacy Law

As a Nevada resident, you may request that we stop selling certain categories of Personal Information that we collect. We have not sold Personal Information of our guests or Site users as contemplated by NRS Ch. 603A, Sec. 2(2).

© Copyright WhyHotel, Inc. 2021