PRIVACY POLICY

We respect the privacy of all our customers and business partners, and treat personal information (personal data) provided by you to us as confidential. We know that you are concerned how information about you is collected, processed, used and stored, and we appreciate you trusting that we will do so with every due care and diligence.

We have provided this Privacy Policy as an explanation of the information we collect, how we process and use it, and how the use of this information can benefit your experience on our web sites and products and services we provide.

1. WHAT INFORMATION ABOUT YOU DO WE COLLECT

In order for us to operate effectively and provide you with the best experiences with our services, we may request and collect information about you, whether as hotel guests, loyalty programme members, web site visitors or you contacting us for any other purposes, that includes personal information that can identify you as an individual.

Your personal information can come to us via various channels, including but not limited to:

• When you browse and interact with our website and/or use any mobile apps that we may make available -  such as make a booking via our Online  Reservation system, make an inquiry, sign up for newsletter subscription or make brochure  requests or download and use our mobile apps
• Through your use of our products and services – such as when you stay as a guest or visits the hotels, restaurants or facilities managed by us
• When you submit enquiries to us or provide us with you feedback
• When you participate in our promotional offers, competitions or surveys
• As a member of our loyalty programmes or when your friends refer you to our programmes
• From third parties – such as partners we work with or public databases – where you have provided your consent to the third party or to us to that information sharing taking place or where we have a legitimate interest to use the personal information in order to provide you with our products and services

The types of personal information that we collect and process may include, but not be limited to (and may vary by jurisdiction):

• Personal details, such as your name, gender, date of birth, nationality, passport and visa information, personal and work contact details (addresses, emails and telephone numbers)
• Payment and credit card information, such as bank accounts, name of cardholder, credit card number, credit card billing address and expiry date
• Guest stay information and lifestyle information, such as hotels where you have stayed, arrival and departure dates, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests
• Information, feedback or content you provide regarding your interests and preferences
• Loyalty program member information, online account details, profile or password details
• Information from our security systems such as from our closed circuit television system, card key, internet login and firewalls
• Information relating to your use and interaction with our website and mobile apps

Some of the personal information which you provide to us are considered “sensitive personal information” under the privacy and data protection laws in specific jurisdiction – such as personal information from which we can determine or infer an individual’s racial or ethnic origin, health or biometric data. We only process sensitive personal information in such jurisdiction if and to the extent permitted or required by applicable law.

Except where required by local laws, we do not knowingly collect personal information from our websites from any children or minors. As a parent or legal guardian, please do not allow your children or minors to submit personal information without your permission.

We may also collect non-personally identifiable information about you, such as internet log information or visitor behaviour patterns when you visit our websites on your use of our websites, communication preferences, travel habits, aggregated data relative to your stays, and responses to promotional offers and surveys. Please also refer to our Cookies policy.

2. HOW WE PROCESS AND USE YOUR INFORMATION

We may collect, process and/or use the personal information which we collect in order to:

• Deliver our products and services to you – such as completing your reservations, sending you reservation confirmations, supplying the purchased goods and services, registering you for program membership, fulfilling a request for information,  customising our services to your preferences, earning and redeeming rewards, keeping proper records of your transactions with us
• Communicate and provide marketing  and promotion to you – such as sending you information and updates on our products and services and other products and services that we think may be of interests to you, including latest promotions,  competitions, joint- and cross promotions with our business partners, response to enquiries, to send you important information regarding our website, changes to our terms, conditions and policies
• Develop and improve our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities
• Work and cooperate with third party parties to deliver our products and services to you – such as travel agents, group travel organisation, or anyone involved in the process of making your travel arrangements, credit card companies, airline operators and third party loyalty programs
• Maintain your safety and security as well as that of other guests and personnel – such as to make proper identification and verification in processing of transaction, implement security surveillance and access controls when you visit or stay at our hotels, and administer general record keeping
• Meet applicable legal and regulatory requirements
• Use it in other ways as required or permitted by law or with your consent

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so. This may be because (i) you have provided your consent, (ii) our use of information is necessary for providing the products and/or services you have requested, (iii) our use of your information is in our legitimate interest as a commercial organisation, such as to operate and improve our services (including for profiling and targeted advertising) and in a way proportionate and respects your privacy rights, and/or (iv) necessary compliance with applicable laws, regulations, court orders or other legal process.

3. KEEPING AND SAFEGUARDING OF PERSONAL INFORMATION

To the extent permissible by applicable law, we generally only keep your information for as long as is reasonably required for:

• The purposes for which that personal information was provided
• Ongoing business need, including record keeping, fraud prevention, or if we reasonably believe there is a prospect of litigation
• As necessary to meet legal, regulatory, tax or accounting needs

We take reasonable steps to safely and securely delete, dispose of, anonymise and/or block personal information when we no longer need it.

INFORMATION SECURITY

We endeavour to protect your personal information we maintain and have implemented reasonable technical, organisational and administrative measures to keep your personal information safe and secure and to protect it against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We will review, monitor and update these security measures to meet our business needs, changes in technology and regulatory requirements.

INFORMATION TRANSFER OVERSEAS

We do business globally. In order for us to operate effectively and provide you with the best experiences with our services, we may centralise certain aspects of our information processing activities and may have databases in different countries (some of which are operated by our local group company and some of which are operated by third parties on our behalf). We may therefore have to share and transfer your personal information from one country to another, or even across multiple jurisdictions, such as:

• In or to Hong Kong where our corporate office is located
• In those countries in which we manage and operate hotels, residences, sales or representative offices
• In those countries where our third party suppliers and/or services providers, agents, advisors or consultants are located

Your personal information may therefore be subject to privacy laws that are different from those in the country where the personal information is collected or those in your country of residences. We will endeavour that the transfer of your personal information is carried out in accordance with applicable privacy laws and that appropriate technical, organisation and administrative measures are in place for its safeguard.

INFORMATION SHARING

Insofar as reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Policy, we may share your personal information with the below parties. The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.

• Our group entities, hotels and residences managed and operated by us
• Our business partners and third parties involved in the delivery of our products and services to you – including those involved in a sale of all or part of our business operations or assets and those for business, operational and general administration
• Our marketing and advertisement partners
• Third party services providers which process data (including personal information) for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures
• Our agents, advisors, consultants, other third party suppliers and/or services providers to assist us to operate effectively and provide you with the best experiences with our services
• Other third parties when we have your consent or are otherwise permitted by law to do so

INFORMATION PROCESSING BY THIRD PARTIES

Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties, which may be located in countries other than the country where your information is collected or your country of residences. We may also engage market research firms to assist us in contacting our guests for the purpose of market research and quality assurance. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we oblige those third parties to protect your personal information with appropriate security measures.

4. YOU CONTROL YOUR PERSONAL INFORMATION

You may always choose what personal information (if any) you wish to provide to us. Please note, however, some of our products and services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.

If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 6 below.  In addition to your agreeing to this Privacy Policy, we may also ask you to give us a separate consent before we send you with promotional information or to indicate how you would like to receive any communication (e.g. via email or regular mail). After you have indicated your preferences, you can always change them.

5. NOTICE TO EUROPEAN UNION DATA SUBJECTS

You may be aware that the European Union General Data Protection Regulation gives certain rights to individuals in relation to their personal information - including the right of access to the personal information we hold about them, right of rectification, right to erasure, right to restrict data processing, right to object to processing, right to data portability, right to complain to a supervisory authority, and right to withdraw consent.

If you wish to exercise any of your rights in relation to your personal information, please contact us as described in Section 8 below.

6. NOTICE TO CALIFORNIA RESIDENTS

YOUR CALIFORNIA PRIVACY RIGHTS (SHINE THE LIGHT ACT)

We may share information with our affiliated companies and others for their direct marketing use unless you tell us not to. California residents who have an existing business relationship with us may opt out of such sharing by emailing us at dataprotection@langhamhotels.com. We will process your request promptly.

CALIFORNIA CONSUMER PRIVACY ACT RIGHTS (“CCPA”)

As of January 1, 2020 verified California residents have the right to:

• Request and receive disclosure of our personal information collection practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, and the categories of third parties with whom we share such information.
• Request and receive a copy of the personal information we have collected about them during the prior 12 months
• Request and receive disclosure of our information sharing practices during the prior 12 months, including a list of the categories of personal information sold with the category of third party recipients and a list of the categories of personal information that we disclosed for a business purpose
• Request that we not sell personal information about them and
• Request that we delete (and direct our service providers to delete) their personal information subject to certain exceptions.

For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

In order to make a request for disclosure California residents may contact us by calling us toll-free at (+1) 833-906-2154 or by visiting our CCPA request page here.  We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be.  We will acknowledge receipt of your request within 10 days and will endeavor to respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period.  You may make a request that we not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you we will notify any service providers we have engaged to delete your information as well.

We will not discriminate against you as a result of your exercise of any of these rights.

VISIT OUR CCPA REQUEST PAGE

OR call our toll-free number at (+1) 833-906-2154

SELLING INFORMATION

We do not sell you information for monetary consideration but we may transfer your information to a third party that provides us with services such as helping us with advertising, data analysis and security, which may fall under the definition of for “other valuable consideration” which may be considered a ‘sale’ under the CCPA. During the past 12 months we disclosed Identifiers, Commercial Information, Electronic Network Activity, Geolocation with third parties for a business purpose which may fall within the definition of a ‘sale’.  If you are a California resident over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here.  We do not sell personal information of individuals we actually know are less than 16 years of age. If you request that we not sell your information we will honor your request within 15 days, will notify those who received your information in the 90 days before your request to not further sell your information and will notify you when this has been completed. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorize personal information sales.

VISIT OUR DO-NOT-SELL WEB PAGE

OR call our toll-free number at (+1) 833-906-2154

USING AN AUTHORIZED AGENT

You may submit a request through someone holding a formal Power of Attorney.  Otherwise, you may submit a request using an authorized agent only if (1) you provide the authorized agent with written permission to make a request and (2) you verify your own identity directly with us.  We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties.  The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals.  For instance, we may collect different information from applicants for employment or from vendors or from customers.