PRIVACY POLICY

INNPLAY website is owned by INNPLAY LLC, which is a data controller of your personal data.

We have adopted this Privacy Policy, which explains what information we collect, how we use and share it, your choices and rights, and how to contact us. Please read this Policy before using the INNPLAY website or our services.

We take care of your personal data and undertake to guarantee its confidentiality and security.

1. Personal Information We Collect

When you visit the INNPLAY website, we automatically collect certain information about your device, including your web browser, IP address, time zone, and some of the installed cookies on your device. As you browse the site, we collect information about the pages you view, what websites or search terms referred you to the site, and how you interact with the site. We refer to this automatically collected information as “Device Information.”

We also collect personal data you provide to us during registration, booking, or when using our services, including but not limited to:

• Identifiers and contact details: first and last name, email address, phone number, mailing address.

• Account information: usernames, passwords, communication preferences.

• Booking details: reservation numbers, check-in/check-out dates, room type and rate, hotel or accommodation selected, loyalty program numbers, group codes or rooming lists, team/club affiliation, tournament or event information, names of traveling companions, special requests or preferences (e.g., room location, bed type), and booking changes or cancellations.

• Payment and billing details: billing name and address, payment method, last four digits of card, tokenized payment identifiers. We use third-party processors and do not store full payment card numbers.

• Travel and experience preferences: accessibility or accommodation requirements, activity selections for group events (e.g., pool party, family day).

• Communications: emails, phone call recordings (where permitted by law), and SMS/text message content and delivery metadata when you communicate with us.

• Marketing and consent records: opt-ins/opt-outs for email, SMS, cookies, and advertising preferences.

• Age/date of birth when relevant to youth athlete services and only with appropriate consent.

• Device and usage data: cookie identifiers, mobile device IDs, approximate location (based on IP), browser and operating system, referring/exit pages, and engagement with our emails and messages.

Sensitive information: We may collect limited sensitive personal information (e.g., accessibility-related information or information about a child participant provided by a parent/guardian) only as necessary to provide services and with your consent or as otherwise permitted by law.

Sources of personal information: We collect information directly from you; from your team manager, coach, or event/tournament organizer; from hotels and accommodation providers; from payment processors; from third-party booking tools or platforms you use to access our services; from marketing/advertising partners; and from publicly available sources where appropriate.

2. How We Use Your Information

We process personal data only as necessary to operate our website, deliver our services, and support our customers. We use information to:

• Facilitate hotel bookings, group room blocks, and accommodation arrangements for events.

• Negotiate rates and manage room inventories with hotels.

• Process payments, issue confirmations, and manage billing and refunds.

• Communicate with you about reservations, changes, cancellations, waitlists, or emergencies (including by email, phone, and SMS where applicable).

• Provide customer support and respond to inquiries and special requests.

• Personalize recommendations for hotels, activities, and group experiences.

• Send marketing communications with your consent or as permitted by law, and honor your preferences.

• Operate, analyze, and improve our website, platform, and services (including through analytics and research).

• Prevent fraud, secure our systems, and enforce our terms.

• Comply with legal obligations and maintain business records, including consent logs for messaging programs.

For individuals in the EEA/UK, our legal bases include: performance of a contract (e.g., processing a booking), legitimate interests (e.g., improving services, ensuring security), consent (e.g., marketing/SMS), compliance with legal obligations, and, in limited cases, protection of vital interests.

3. SMS/Text Messaging Terms

• Program description: With your consent, INNPLAY may send SMS/text messages related to your bookings (e.g., confirmations, reminders, updates, travel advisories) and, if you opt in, marketing messages about offers, hotel deals, and team perks.

• Consent: You must opt in to receive marketing texts. Transactional texts related to a booking or service you request may be sent without a separate marketing opt-in. Consent is not a condition of purchase.

• Frequency: Message frequency varies by program and activity. Marketing messages are typically periodic; transactional messages occur as needed for your booking or event.

• Opt-out: You can opt out of SMS at any time by replying STOP. For help, reply HELP or contact us at ericalasky@inn-play.com. We may send a final confirmation text to confirm your opt-out.

• Charges: Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

• Data use: We use your mobile number and messaging metadata to deliver texts, maintain logs, and comply with applicable laws and carrier rules.

4. Information Sharing and Disclosure

We may share personal information with:

• Hotels and accommodation providers to facilitate bookings, manage room blocks, and handle special requests.

• Tournament and event organizers/coordinators when necessary for event participation and housing compliance.

• Payment processors to handle transactions and fraud prevention.

• Service providers and vendors who support our operations (e.g., hosting, CRM, customer support platforms, analytics, SMS gateways, email service providers).

• Activity and experience vendors when you request or participate in group activities.

• Your organization/team manager when they arrange bookings on your behalf.

• Authorities, advisors, and others when required or permitted by law or to protect rights, safety, and security.

• Successors in interest in the event of a merger, acquisition, or asset transfer.

We do not sell your personal information. We may “share” limited data with advertising and analytics partners to measure performance or deliver more relevant ads where permitted; you can opt out as described below.

5. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, web beacons, SDKs, device identifiers) to:

• Enable core site functionality and security.

• Remember your preferences and improve user experience.

• Perform analytics to understand site usage and improve our services.

• Provide and measure advertising and marketing effectiveness.

Types of cookies we use:

• Essential: required for site functionality and security (cannot be disabled).

• Performance/Analytics: help us understand how the site is used.

• Functional: remember your choices to provide enhanced features.

• Advertising: used by us and our partners to deliver and measure ads.

Your choices:

• Browser controls: You can set your browser to refuse or delete cookies. Doing so may impact site functionality.

• Preferences: If our site offers a cookie banner or settings tool, you can adjust non-essential cookies there at any time.

• Analytics: You can learn about Google Analytics controls at tools.google.com/dlpage/gaoptout.

• Do Not Track/Global Privacy Control: While we do not respond to Do Not Track signals, we honor Global Privacy Control (GPC) signals where required by law for opting out of certain “sharing” for cross-context behavioral advertising.

6. Your Choices and Consent

You can:

• Review and update your account information by contacting us.

• Manage marketing emails by using the unsubscribe link in our emails.

• Manage SMS by replying STOP or contacting us as described above.

• Adjust cookie settings via your browser or our cookie tool (where available).

• Withdraw consent at any time where processing is based on consent (this will not affect processing that has already occurred).

• Opt out of certain advertising “sharing” by contacting us as described below or using available cookie controls.

7. Your Privacy Rights

EEA/UK residents have the right to:

• Be informed about our data practices.

• Access your personal data.

• Rectify inaccurate data.

• Erase your data (right to be forgotten).

• Restrict or object to processing.

• Data portability.

• Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

U.S. state privacy rights (e.g., CA, CO, CT, UT, VA) may include:

• Right to know/access the categories and specific pieces of personal information we have collected.

• Right to delete personal information.

• Right to correct inaccuracies.

• Right to data portability.

• Right to opt out of sale or sharing of personal information and targeted advertising.

• Right to limit the use and disclosure of sensitive personal information.

• Right to be free from discrimination for exercising your rights.

How to exercise your rights:

• Email us at ericalasky@inn-play.com with your request and sufficient information to verify your identity (and, if applicable, your authority to act on behalf of someone else).

• California residents may send an email with the subject line “Do Not Sell or Share My Personal Information” to opt out of “sharing” for cross-context behavioral advertising.

• If we deny your request, certain state laws allow you to appeal. You may do so by replying to our decision email with “Appeal” in the subject line.

International data: If you are a European/UK resident, please note your information may be transferred outside Europe (including to the United States). We use appropriate safeguards such as Standard Contractual Clauses where required.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. Typical retention periods include:

• Booking and service records: 7 years for tax, audit, and legal compliance.

• Communication records (email, chat, support): 3 years for customer service and compliance.

• SMS consent and messaging logs: while you are subscribed and for up to 3 years after opt-out to demonstrate compliance.

• Marketing preferences: until you opt out or request deletion.

• Account information: until account deletion is requested or the account is inactive for an extended period, subject to legal holds.

9. Information Security

We secure information on servers in a controlled environment and maintain reasonable administrative, technical, and physical safeguards, including:

• Encryption in transit and at rest where appropriate.

• Access controls and staff training.

• Vendor due diligence and contractual safeguards.

• Monitoring, logging, and incident response procedures.

No method of transmission or storage is 100% secure. If we learn of a security incident that affects your information, we will notify you consistent with applicable laws.

10. International Data Transfers

INNPLAY is based in the United States and may process and store information in the U.S. and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses and other mechanisms recognized by applicable laws) to protect personal data transferred from the EEA/UK to countries without an adequacy decision.

11. Children’s Privacy

Our services often involve youth sports, and we handle minors’ information with care:

• We do not knowingly collect personal information from children under 13 without verifiable parental consent.

• Coaches, team managers, and event organizers must ensure appropriate parental/guardian consent is obtained before sharing a minor’s information with us.

• We limit use of minors’ information to providing requested services (e.g., rooming lists, travel coordination) and do not use it for marketing without appropriate consent.

• Parents/guardians may review, correct, or request deletion of their child’s information by contacting us. We will take steps to verify identity and relationship.

• For teens aged 13–16 in applicable jurisdictions (e.g., California), we will not sell or share personal information for targeted advertising without the teen’s (or guardian’s, as required) opt-in consent.

12. Links to Other Websites

Our website may contain links to other websites not owned or controlled by us. We are not responsible for the privacy practices of such websites. We encourage you to read the privacy statements of each website that may collect personal information.

13. Updates to This Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page and update the “Last Updated” date below. If changes materially affect your rights or how we use your information, we will provide additional notice as required by law.

14. Contact Information

If you would like to contact us to understand more about this Policy or to exercise individual rights regarding your personal information, email us at ericalasky@inn-play.com.

You can also visit our website at www.inn-play.com or write to us at:

INNPLAY LLC
Attention: Privacy Officer
[Company Address]

Last Updated: October 27, 2025

You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website's features. For example, you won't be able to receive our communications or use our booking services. Users who are uncertain about what information is mandatory are welcome to contact us via ericalasky@inn-play.com.