Swire Properties Hotel Management Privacy Policy

General Section

1          Introduction

1.1          Swire Properties Hotel Management Limited (“we”, “our” or “us”) and its subsidiaries, holding companies and their direct or indirect subsidiaries, joint ventures, and associated companies (we and the above companies collectively, the “Group Companies) attach great importance to your privacy.  When you use our Services (as defined below), we may collect and use your personal data ("Personal Data").  We are committed to protecting the privacy of your Personal Data we hold. 

1.2          To ensure that you can make informed decisions and feel confident about providing your Personal Data to us, we outline in this Privacy Policy:-

(a)   What Personal Data We Collect

(b)   How We Use Your Personal Data and Who We Disclose To

(c)   How We Retain, Store and Protect Your Personal Data

(d)   Your Rights and Contacting Us

(e)   Cookies

(f)       Third Party Websites

(g)   Reminder about Information Sharing

(h)   Amendment of the Privacy Policy

(i)      Language of Privacy Policy

The Privacy Policy Appendix (appended to this Privacy Policy) will apply if you reside in certain countries/regions. To the extent that there is any conflict between the General Section of this Privacy Policy and the Privacy Policy Appendix, the standard which affords a higher level of protection to personal data will apply.

1.3          Services” or “Activities” means any new and/or existing services, products, facilities, activities, contests, lucky draws and/or other events, such as using our websites or mobile applications, following or using our social media accounts e.g. WeChat Official Account, receiving emails or text messages from us or sending us emails or text messages, using our telephone customer service, etc. relating to us and/or our Group Companies or our or their portfolios of properties or tenants in such portfolios of properties.  If you do not provide the relevant Personal Data, you may not be able to register as our user, enjoy the Services, or, even if we continue to provide you with certain Services, the quality of such Services may not be optimal. 

1.4          Note: Protecting the privacy of children under eighteen (18) years of age is our primary concern.  Our website or mobile applications are not intended for children under eighteen (18) years of age.

2          What Personal Data We Collect

2.1          We may collect and process some or all of the following Personal Data about you:-

(a)        your personal information personal information that you provide to us, such as when using our Services, website or mobile application, including your name, gender, date of birth, age, identity card number or other personally identifiable number, etc.;

(b)        your contact information contact information you disclose to us, such as telephone numbers, addresses, mailing addresses, WeChat accounts, email addresses and fax numbers, etc.;

(c)        your business information including company name, business title, and associated contact information, etc.;

(d)        your payment details information on your credit or debit or other charge cards, or other means of payment, including name of cardholder, card number, billing address, security code and expiry date, information on other electronic payment accounts (including but not limited to WeChat Wallet, Alipay account, Apple Pay etc.);

(e)        your travel details you and your companions’ travel details, personal information of your travel companions, including flight information, accommodation information and information related to travellers special needs or preferences, health condition, etc.;

(f)         your photographs or videos photographs or videos being collected when you participate in our Activities or use our Services, whether registered in advance or open to the public at any time;

(g)        your interest and preferences your interests, personal preferences, comments and consumption habits, etc.;

(h)        survey information your comments and responses, etc. to market surveys, contests and promotional offers conducted by us or on our behalf; and/or

(i)         website and communication usage details of your visits to our websites or mobile apps or social medial platforms collected through cookies or other tracking technologies including behavioural information, browser details, IP addresses, purchasing history, location information, etc.;

2.2          Your Personal Data is required for the use of our Services.  If you fail to supply such Personal Data requested, we may not be able to deliver to you the relevant Services.  By providing your Personal Data to us, you acknowledge that you have made an informed decision in providing such Personal Data.

2.3          We may collect Personal Data about you directly or from third parties such as business partners under joint promotions and brand collaborations.  We may also generate and compile Personal Data and collect Personal Data from publicly available sources about you.

2.4          If you provide us with Personal Data about other individuals (e.g. your companion), you must tell those individuals that you have provided us with their details and let them know where they can find a copy of this Privacy Policy.

3          How We Use Your Personal Data and Who We Disclose To

3.1          We may use the Personal Data collected about you for one or more of the following purposes:-

(a)        To provide the Services ► to provide the Services to you (e.g. to process your reservation requests and confirm your booking, to facilitate any special requests or assistance that you have asked for), to process payment for any of the Services (e.g. to verify credit card details with third parties), to identify and verify your information in connection with any of the Services that may be provided to you;

(b)        To provide customer support To manage customer relationship such as responding to your enquiries, and communicating with you by email, letter, telephone, mobile application (e.g. WeChat Push) or other means;

(c)        To operate loyalty or reward programmes ► To operate and administer any Services (including membership, loyalty or reward programmes (including joint collaborations with other brands) etc.).  We may transfer your Personal Data to the operators of the Services (including our loyalty or reward programmes or our business partners (including brands that we collaborate with)) to facilitate your participation;

(d)        For marketing purposes ► Where you have provided consent or do not object in writing (as required by law), to provide you with news, latest offers and promotions or marketing communications, where you have chosen to receive these. 

  • We may use your name, contact details, location data, customer profiling information (including information about your use of our website and activity on social media platforms, including your preferences, transaction pattern and behaviour) collected compiled, generated or held by us from time to time for marketing our own, other Group Companies’ and/or our business partners’ Services to you by email, letter, telephone, fax, text messages, mobile application (e.g. WeChat Push). 
  • In particular, we may use your Personal Data (a) for marketing, research, questionnaires, promotional and customer relationship management purposes including sending you information relating to our own, our Group Companies’ and/or our business partners’ products, facilities, services, membership clubs, reward programmes (including joint collaborations with different brands), activities, contests, lucky draws, promotions, blogs, newsletters and/or events in the following categories: hotels, spa services and restaurants(together, "Classes of Marketing Subject"). 
  • We may also provide your name and contact details to (a) providers (whether within or outside Group Companies) of any of the Classes of Marketing Subject, (b) business partners of our Group Companies, (c) any member of our Group Companies, (d) marketing or research services providers and/or (e) charitable or non-profit making organizations, so that they can send you information in relation to the above Classes of Marketing Subject. 
  • Where required by law, we will ask for your consent at the time we collect your Personal Data to conduct any of these types of marketing and promotions.  We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contacting Us” section below.  We may share data or statistics with third parties in aggregated and anonymised form for marketing purposes;

(e)        For analytics and profiling To conduct analysis from time to time to better understand your spending, dining and/or other consumption needs, preferences, interests, experiences and/or habits.  In order to enhance your experience or for other uses to which you agreed, we, subject to compliance with applicable laws and regulations, may combine the Personal Data we collected about you from other Group Companies or our business partners so that we can customise the content or display information which is most relevant to you.  For example, Personal Data collected about you when you use the Services provided by other Group Companies may be combined with Personal Data we collected about you when you stayed in one of our hotels, so we can better understand your preferences and tailor our marketing communication to include offers that are of the most interest to you. 

(f)         To improve the Services ► To design new and/or enhance existing Services;

(g)        For safety and security purpose To safeguard public interest, or protect the personal safety of our customers, our employees or other hotel users, and property safety of the Group Companies.  We may also conduct background checks and/or credit searches on companies who wish to open a corporate account with any of our hotels for verification purposes and to prevent fraud or other criminal activities.  This may include disclosures to credit reference agencies, credit, debit and/or charge card companies and/or banks, and medical professionals, clinics and hospitals.

(h)        For legal and administrative purposes ► To comply with applicable laws and regulations, court order or any requirements of relevant government authorities or securities exchange; to establish legal claims or defences; to obtain legal advice; to exercise, safeguard and/or protect the rights or properties of any member of the Group Companies, including identifying or bringing legal action against any person who may be causing interference with such rights or properties (whether intentionally or otherwise) or where any other person could be harmed or property of any other person could be damaged by such interfering activities.  This may include disclosures to any counterparties (and its legal advisors), insurers, loss adjustors, government, regulatory or law enforcement authority, administrative organisation or securities exchange of any jurisdiction;

(i)         To reorganise or make changes to our business In the event of: (i) the sale (or a proposed sale) of our company or business or part thereof to a third party; or (ii) our company undergoing a re-organisation, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any sale (or proposed sale) or re-organisation.  We may also need to transfer your Personal Data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Policy.

3.2          In addition to the disclosures we have identified above, we may disclose Personal Data for the purposes set out in section 3.1 to the following entities (the “Transferees”):-

(a)        any members of the Group Companies;

(b)        any agent, contractor or third party service provider who provides administrative, marketing, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to support the provision of the Services (including operations of our business and perform activities on our behalf); and/or

(c)        our or our Group Companies’ advisors (e.g. legal, financial, business or other advisors) who are under a duty of confidentiality to us or our Group Companies.  

4          How We Retain, Store and Protect Your Personal Data

Retention

4.1          Your Personal Data will be retained by us only for as long as is necessary to fulfil the purposes mentioned in this Privacy Policy, or for a duration as required or permitted by applicable laws and regulations.

Security

4.2          In order to ensure the correct use and to maintain the accuracy of the Personal Data collected from you, as well as preventing unauthorised or accidental access, processing, erasure or other use of the Personal Data, we have implemented various internal policies (including physical, electronic and management measures) and various security technologies and procedures.  For example, where we collect Personal Data online, we use an industry standard for encryption over the Internet known as Secure Socket Layer (SSL) protocol to protect the Personal Data.  Our websites have firewalls in place, which should protect the Personal Data collected from you against unauthorised or accidental access.  However, please understand that, due to technical and risk prevention limitations, even if we have made our best effort to enhance security measures, we cannot ensure that your Personal Data is absolutely safe.  You should note that the systems and communication networks you use to access our Services may be subject to problems beyond our control.  Therefore, you are advised to protect against unauthorised access to your password and credit card details.  When using a shared computer, make sure you sign out from your account when finished.

4.3          When we share your Personal Data with any third parties, we will strive to ensure that such third parties comply with this Privacy Policy and other appropriate confidentiality and security measures that we require them to comply with when using your Personal Data, except for the Personal Data you provide directly to the third parties through the use of their services.

Export of Personal Data

4.4          Your Personal Data may be transferred outside the country in which you are located, including to countries with a lower level of data protection than in the country in which you are located.

5          Your Rights and Contacting Us

General Rights

5.1           Under certain conditions, you may have the right to:-

(a)        access your Personal Data held by us;

(b)        correct your Personal Data held by us;

(c)        request deletion or erasure of your Personal Data;

(d)        object to the sharing of your Personal Data; and/or

(e)        object to the profiling of your Personal Data.  

If you would like to exercise any of the above rights or obtain a copy of any of your Personal Data, or if you believe that any of your Personal Data which we collect and maintain is inaccurate or would like to request for information regarding policies and practices and kinds of personal data held by us, please contact us at the address set out in section 5.5 below.

5.2          We will endeavour to use appropriate technical means to ensure that you can access, update and correct your Personal Data.  In accessing, updating, correcting and/or deleting your Personal Data, we may ask for you to authenticate your identity in order to protect the safety of your Personal Data.

5.3          To the extent permitted by relevant laws and regulations, we reserve the right to refuse unreasonable requests (for example, requests which infringe the privacy of others).  To the extent permitted by relevant laws and regulations, we reserve the right to charge a reasonable fee for the cost of processing any request set out in Section 5.1 above.

Right to opt out of direct marketing

5.4          If you agree to receive marketing communication but do not wish to receive them in the future, you may opt out of receiving them at any time, free of charge, by the following applicable means:-

(a)        unsubscribing by following the "Reply To" instructions contained in the marketing text message;

(b)        following the unsubscribe instructions or hyperlink in the email;

(c)        following the unsubscribe instructions in the mobile application;

(d)        notifying us that you no longer wish to receive marketing communication when receiving our marketing calls; or

(e)        contacting us at the address stated in section 5.5 below to tell us that you no longer wish to receive marketing communication through any channel.

5.5          We may issue service-related announcements to you when necessary (e.g. when we suspend a service due to system maintenance).  You may not be able to opt out of these announcements which are service-related and not promotional in nature.

Contacting us

Contact person:   Data Protection Officer

Company Name:  Swire Properties Hotel Management Limited

5.6          Address: Suite 2701-05, Cityplaza One, 1111 King’s Road, Taikoo Shing, Hong Kong

Email address:    Dataprotectionoffice@swirehotels.com

Should you need to contact us in Europe, you may contact our EU representative as follows:

Company Name:  activeMind.legal

Address: RA Klaus Foitzick, Kurfürstendamm 56, 10707 Berlin

Email address:    eu-dataprotection@swirehotels.com

6          Cookies

We use cookies on our websites.  Please see our Cookies Policy (which can be found at https://www.east-beijing.com/en/cookie) for more information on how we use cookies.

7          Third-party websites

7.1          Third-party websites are independent from our websites, and we have no control over the contents of such third-party websites, their privacy policies or compliance with the law.  You should therefore be fully aware that the provision of links to third party websites does not constitute an endorsement, approval, or any form of association by or with the Group Companies.  We have no control over Personal Data that you have submitted to these websites.  Therefore, you should remain alert when you leave our websites. 

7.2          Your use of such third-party social media services or other services (including any Personal Data you provide directly to such third parties through the use of their services) are subject to the third party's own terms and conditions of service and privacy policy (and not this Privacy Policy), which you have to read carefully.  This Privacy Policy applies only to any information we collect and does not apply to any of your Personal Data that any third party collects during the process of providing service to you, and we do not take any responsibility for the use of Personal Data by any third party to whom you provide the information directly.

8          Reminder About Information Sharing

8.1          Our website and mobile applications allow you to publicly share your relevant information, not only with your social networks but also with all users of our website or mobile applications, e.g., the information you upload or post through them (including your publicised Personal Data, the posts you have created), your responses to information uploaded or posted by others, log information and location information that you share.  Other users of our website or mobile applications may also share your related information.  In particular, our social media platforms are specifically designed to allow you to share information with users around the world so that shared information can be delivered real time and extensively. 

8.2          As long as you do not delete the shared information, the information remains in the public domain; even if you delete the shared information, the information may still be cached, copied or stored in our backend systems or independently by another user or unrelated third parties not controlled by us, or kept by other users or such third parties in the public domain.  Therefore, you should carefully consider the content of the information you upload, post and exchange through our website and mobile applications.

9          Amendment of Privacy Policy

We may amend the terms of this Privacy Policy from time to time.  The amendments form part of this Privacy Policy.  You may access and obtain a copy of this Privacy Policy, as amended from time to time, at our relevant website so that you are always informed of the ways we collect and use personal data.  By continuing to use our website or mobile applications, you agree to be bound by this Privacy Policy as amended from time to time.

10          Language of Privacy Policy

This Privacy Policy is written in the English language and may be translated into other languages.  In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.


Privacy Policy Appendix

This Appendix applies if you reside in the following countries/regions:-

1.     China Appendix. 9 . 9

2.     Europe Appendix. 10 . 10

3      California Appendix. 14 . 14





1. China Appendix

1.1   Application

        This China Appendix applies if you reside in the People’s Republic of China (“PRC”).  For the purpose of this Privacy Policy, PRC excludes the Hong Kong Special Administrative Region and the Macau Special Administrative Region.

1.2   Consent

By using or continuing to use our services, you agree to our collection, use, storage and sharing of your Personal Data in accordance with this Privacy Policy.

1.3   Sensitive Personal Data

Certain Personal Data may be considered sensitive Personal Data due to their particularity, e.g. your ethnicity, religion, personal health and medical information, etc.

Please note that the information you provide, upload or post through our website, mobile application or social media platforms (e.g. photographs or information about your social activities) may disclose your sensitive Personal Data.  You need to carefully consider whether your sensitive Personal Data should be disclosed.

You agree that your sensitive Personal Data will be handled for the purposes and by the means described in this Privacy Policy.

1.4        Direct Marketing and Charity Promotions

In connection with our marketing activities, we will, with your consent, send you, free of charge, marketing communications relating to Services provided by us, our Group Companies or our business partners, including but not limited to products, facilities, services, membership programmes, reward programmes, activities, contests, lucky draws, promotions, blogs, communications and/or project information related to hotels, spa services and restaurants.

. 


 2. Europe Appendix

2.1        Application

This Europe Appendix applies if you reside in any of the European Union, Iceland, Liechtenstein and Norway (“EEA”).

2.2      Sensitive Personal Data

Certain Personal Data may be considered sensitive Personal Data due to their particularity, e.g. your ethnicity, religion, personal health and medical information, etc.

Please note that the information you provide, upload or post through our website, mobile application or social media platforms (e.g. photographs or information about your social activities) may disclose your sensitive Personal Data.  You need to carefully consider whether your sensitive Personal Data should be disclosed.

We will ask you for your consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to process such Personal Data under EEA data protection law.

2.3      Legal Bases for Processing of Personal Data

EEA data protection law allows companies to process Personal Data only when the processing is permitted by specific “legal bases” set out in law.  In compliance with our obligations under EEA data protection law, we are required to identify the “legal bases” on which we rely to process your Personal Data.

In Table 1 below, we have linked each purpose mentioned in section 3.1 of our Privacy Policy to the relevant “legal bases”.  For more details on each of the “legal bases”, please see Table 2 below.

Table 1:

Purposes of the data processing  Legal bases 
 To provide our services and products (3.1(a))
-         contract performance

-         legitimate interests (to allow us to perform our obligations and provide services to you)

For sensitive Personal Data

-         consent

 To provide customer support (3.1(b))
-         contract performance

-         legal obligation

-         legitimate interests (to allow us to correspond with you in connection with our services)

 To operate loyalty or reward programme(3.1(c))
-         consent

-         contract performance

-         legitimate interests (to allow us to provide tailored services to you)

 For marketing purposes (3.1(d))
-         consent (which can be withdrawn at any time)

-         legitimate interests (to enable us to provide you with details of products and services that may be of interest to you)

 For analytics and profiling (3.1(e))
-         consent (which can be withdrawn at any time)

-         legitimate interests (to enable us to tailor our marketing to you)

 To improve our services (3.1(f))
-         legitimate interests (to allow us to maintain and improve the quality of our services and products)
 For safety and security purpose (3.1(g))
-         legal obligation

-         legal claims

-         legitimate interests (to allow us to guard against other unlawful activity)

For sensitive Personal Data

-         legal claims

-         vital interests

-         substantial public interest

 For legal and administrative purposes  (3.1(h))
-         contract performance

-         legal obligation

-         legal claims

-         legitimate interests (to cooperate with law enforcement and regulatory authorities)

For sensitive Personal Data

-         legal claims

-         substantial public interest

 To reorganise or make changes to our business (3.1(i))
-         legitimate interests (in order to allow us to change our business)

Table 2:

These are the principal legal bases that justify our processing of your Personal Data: 
 Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by contacting us according to section 5 of the Privacy Policy). If you withdraw your consent, we may be unable to provide a service that requires the use of such data.
 Contract performance: where your information is necessary to enter into or perform our contract with you.
 Legal obligation: where we need to use your information to comply with our legal obligations.
 Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
 Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
 These are the principal legal bases that justify our processing of sensitive Personal Data:
 Protection of vital interests of you or another person, where you and/or the other person is/are unable to consent: Processing is necessary to protect the vital interests of you or of another natural person where you and/or the other person is/are physically or legally incapable of giving consent.
 Legal claims: where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party.
 In the substantial public interest: Processing is necessary for reasons of substantial public interest, on the basis of EEA or local law.
 Explicit consent: You have given your explicit consent to the processing of those personal data for one or more specified purposes.  You are free to withdraw your consent by contacting us according to section 5 of the Privacy Policy. If you do so, we may be unable to provide a service that requires the use of such data.


2.4 
Export outside the
EEA

Your Personal Data may be transferred to, stored at and/or accessed by us, the Transferees or our business partners in a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country.  We will, in all circumstances, safeguard Personal Data as set out in this Privacy Policy. 

Where we transfer Personal Data from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data.  Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions.  In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as European Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

Please contact us as set out in the “Contacting Us” section in the Privacy Policy if you would like to see a copy of the specific safeguards applied to the export of your Personal Data.

2.5  Retention Period

Our retention periods for your Personal Data are based on business needs and legal requirements.  We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose(s).

For example, we may retain (i) certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or (ii) certain data to comply with regulatory requirements regarding the retention of such data.  When your Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

2.6  Your Rights

In addition to the rights set out in section 5 of the Privacy Policy, you may have the rights in certain circumstances under EEA data protection law to:

(a)        where processing is based on consent, withdraw your consent so that we stop that particular processing;

(b)        ask us to transmit the Personal Data you have provided to us and we still hold about you to a third party electronically;

(c)        object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and/or

(d)        restrict how we use your Personal Data (e.g. whilst a complaint is being investigated).

Please note that we will not charge a fee when we deal with your requests in the exercise of these rights.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).  If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the data protection regulator in the country in which you are based – a list of EEA data protection regulators and their contact details can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.  You are also encouraged to contact our EU representative according to section 5 of the Privacy Policy if you are not satisfied with our use of your Personal Data. 







 3. California Appendix

3.1     Application

This California Appendix applies if you reside in California, United States.

3.2     California Privacy Rights

3.2.1      Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties.  If you are a California resident and would like a copy of this information, please submit a written request to the following address:   Dataprotectionoffice@swirehotels.com

3.2.2      At this time, we do not respond to browser do-not-track signals.

 


By continuing to browse www.east-beijing.com, you will be agreeing to the Privacy Statement, and the Use of Cookies Policy while using the website.