Stay Connected Book Now
Book
Book Now

Privacy Policy

Swire Properties Hotel Management Limited Privacy Policy

PRIVACY POLICY

Swire Properties Hotel Management Limited 

General Terms

(Last updated: 17 Jul 2024)



  1. Introduction

     

    1.1. This Privacy Policy applies to Swire Properties Hotel Management Limited and its affiliated companies as listed in Schedule 1 (collectively, “Group Companies”, “we”, “our” or “us”),  except that we may have other specific privacy policies for specific situations (in which case such specific privacy policies will apply).

     

    1.2. We may collect personal data ("Personal Data") from our customers, patrons, guests, members of loyalty programmes and visitors (“you” or “your”) when you use our Services (as  defined in paragraph ‎1.4 below). We are committed to protecting the privacy of your Personal Data we hold.

     

    1.3. To ensure that you can make informed decisions and feel confident about providing your Personal Data to us, we outline in this Privacy Policy:-

     

    (a) What Personal Data We Collect
    (b) How We Use Your Personal Data and Who We Disclose To
    (c) How We Retain, Store and Protect Your Personal Data
    (d) Your Rights and Contacting Us
    (e) Cookies
    (f) Third Party Websites
    (g) Reminder about Information Sharing 
    (h) Amendment of the Privacy Policy 
    (i) Language of Privacy Policy

     

    The Privacy Policy Appendix (appended to this Privacy Policy) will also apply if you are a resident or stay in certain countries/regions, including (i) the mainland People’s Republic of  China (excluding Hong Kong Special Administrative Region, Macau Special Administrative Region and Taiwan), and (ii) the European Union, Iceland, Liechtenstein and Norway (together the  “EEA”). To the extent that there is any conflict between the General Section of this Privacy Policy and the Privacy Policy Appendix, the Privacy Policy Appendix shall  apply. 

     

    1.4. “Services” or “Activities” means any new and/or existing services, products, facilities, activities, contests, lucky draws and/or other events, such as using our websites or mobile  applications, following or using our social media accounts e.g. WeChat Official Account, receiving emails or text messages from us or sending us emails or text messages, using our  telephone customer service, etc. relating to us and/or our Group Companies or our or their portfolios of properties or tenants in such portfolios of properties.  If you do not provide the  relevant Personal Data, you may not be able to register as our user, enjoy the Services, or, even if we continue to provide you with certain Services, the quality of such Services may not  be optimal.

     

    Note: Protecting the privacy of children under eighteen (18) years of age is our primary concern.  Our website or mobile applications are not intended for children under  eighteen (18) years of age.

     

  2. What Personal Data We Collect

    2.1.We may collect and process some or all of the following Personal Data about you:- 

    (a)  your personal information ► personal information that you provide to us, such as when using our Services, website or mobile application, including your name, gender, date of  birth, age, identity card number or other personally identifiable number, etc.;

    (b)  your contact information ► contact information you disclose to us, such as telephone numbers, addresses, mailing addresses, WeChat accounts, email addresses and fax   numbers, etc.;

    (c)  your business information ► including company name, business title, and associated contact information, etc.; 

    (d)  your payment details ► information on your credit or debit or other charge cards, or other means of payment, including name of cardholder, card number, billing address, security   code and expiry date, information on other electronic payment accounts (including but not limited to WeChat Wallet, Alipay account, Apple Pay etc.);

    (e)  your travel details ► you and your companions’ travel details, personal information of your travel companions, including flight information, accommodation information and   information related to travellers’ special needs or preferences, health condition, etc.;

    (f)  your photographs or videos ► photographs or videos being collected when you participate in our Activities or use our Services, whether registered in advance or open to the public   at any time;

    (g)  your interest and preferences ► your interests, personal preferences, comments and consumption habits, etc.;

    (h)  survey information ► your comments and responses, etc. to market surveys, contests and promotional offers conducted by us or on our behalf; and/or

    (i)  website and communication usage ► details of your visits to our websites or mobile apps or social media platforms collected through cookies or other tracking technologies   including behavioural information, browser details, IP addresses, purchasing history, location information, etc.

    2.2.Your Personal Data is required for the use of our Services.  If you fail to supply such Personal Data requested, we may not be able to deliver to you the relevant Services.  By providing your Personal Data to us, you acknowledge that you have made an informed decision in providing such Personal Data.

     

    2.3.We may collect Personal Data about you directly or from third parties such as business partners under joint promotions and brand collaborations.  We may also generate and compile Personal Data and collect Personal Data from publicly available sources about you.

     

    2.4.If you provide us with Personal Data about other individuals (e.g. your companion), you must tell those individuals that you have provided us with their details and let them know where they can find a copy of this Privacy Policy.

     

  3. How We Use Your Personal Data and Who We Disclose To

     

    3.1.We may use the Personal Data collected about you for one or more of the following purposes:-  

    (a)  To provide the Services ► to provide the Services to you (e.g. to process your reservation requests and confirm your booking, to facilitate any special requests or assistance that   you have asked for), to process payment for any of the Services (e.g. to verify credit card details with third parties), to identify and verify your identity based on your personal   information in connection with any of the Services that may be provided to you; 

    (b)  To provide customer support ► To manage customer relationship such as responding to your enquiries, and communicating with you by email, letter, telephone, mobile   application (e.g. WeChat Push) or other means;

    (c)  To operate loyalty or reward programmes ► To facilitate applications of, and operate and administer any Services (including membership, loyalty or reward programmes   (including joint collaborations with other brands) etc.).  We may transfer your Personal Data to the operators of the Services (including our loyalty or reward programmes or our   business partners (including brands that we collaborate with)) to facilitate your participation;

    (d)  For marketing purposes ► Where you have provided consent or do not object in writing (as required by law), to provide you with news, latest offers and promotions or marketing   communications, where you have chosen to receive these.

    • We may use your name, contact details, location data, customer profiling information (including information about your use of our website and activity on social media platforms, including your preferences, transaction pattern and behaviour) collected compiled, generated or held by us from time to time for marketing our own, other Group Companies’ and/or our business partners’ Services to you by email, letter, telephone, fax, text messages, mobile application (e.g. WeChat Push).
    • In particular, we may use your Personal Data for marketing, research, questionnaires, promotional and customer relationship management purposes including sending you information relating to our own, our Group Companies’ and/or our business partners’ products, facilities, services, membership clubs, reward programmes (including joint collaborations with different brands), activities, contests, lucky draws, promotions, blogs, newsletters and/or events in the following categories: hotels, spa services and restaurants(together, "Classes of Marketing Subject").

    • We may also provide your name and contact details to (a) providers (whether within or outside Group Companies) of any of the Classes of Marketing Subject, (b) business partners of our Group Companies, (c) any member of our Group Companies, (d) marketing or research services providers and/or (e) charitable or non-profit making organizations, so that they can send you information in relation to the above Classes of Marketing Subject.

    • Where required by law, we will ask for your consent at the time we collect your Personal Data to conduct any of these types of marketing and promotions.  We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contacting Us” section below.  We may share data or statistics with third parties in aggregated and anonymised form for marketing purposes;

    (e)  For analytics and profiling ► To conduct analysis from time to time to better understand your spending, dining and/or other consumption needs, preferences, interests,   experiences and/or habits.  In order to enhance your experience or for other uses to which you agreed, we, subject to compliance with applicable laws and regulations, may   combine the Personal Data we collected about you from other Group Companies or our business partners so that we can customise the content or display information which is   most relevant to you.  For example, Personal Data collected about you when you use the Services provided by other Group Companies may be combined with Personal Data we   collected about you when you stayed in one of our hotels, so we can better understand your preferences and tailor our marketing communication to include offers that are of the   most interest to you. Where your jurisdiction has specific rules on Automated Decision Making, please also refer to the applicable Appendix to these General Terms in relation to   our Processing of your Personal Data through Automated Decision Making.

    (f)  To improve the Services ► To design new and/or enhance existing Services;

    (g)  For safety and security purpose ►To safeguard public interest, or protect the personal safety of our customers, our employees or other hotel users, and property safety of the   Group Companies.  We may also conduct background checks and/or credit searches on companies who wish to open a corporate account with any of our hotels for verification   purposes and to prevent fraud or other criminal activities.  This may include disclosures to credit reference agencies, credit, debit and/or charge card companies and/or banks, and   medical professionals, clinics and hospitals.

    (h) For legal and administrative purposes ► To comply with applicable laws and regulations, court order or any requirements of relevant government authorities or securities   exchange; to establish legal claims or defences; to obtain legal advice; to exercise, safeguard and/or protect the rights or properties of any member of the Group Companies,   including identifying or bringing legal action against any person who may be causing interference with such rights or properties (whether intentionally or otherwise) or where any   other person could be harmed or property of any other person could be damaged by such interfering activitiesThis may include disclosures to any counterparties (and its legal   advisors), insurers, loss  adjustors, government, regulatory or law enforcement authority, administrative organisation or securities exchange of any jurisdiction;

    (i) To reorganise or make changes to our business ► In the event of: (i) the sale (or a proposed sale) of our company or business or part thereof to a third party; or (ii) our company  undergoing a re-organisation, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the  purpose of analysing any sale (or proposed sale) or re-organisation.  We may also need to transfer your Personal Data to that re-organised entity or third party after the sale or  reorganisation for them to use for the same purposes as set out in this Privacy Policy.

     

    3.2. In addition to the disclosures we have identified above, we may disclose Personal Data for the purposes set out in section 3.1 to the following entities (the “Transferees”):- 

    (a)  any members of the Group Companies;

    (b)  any agent, contractor or third party service provider who provides administrative, marketing, distribution, data processing, telemarketing, telecommunications, computer, payment or   other services to support the provision of the Services (including operations of our business and perform activities on our behalf); and/or

    (c)  our or our Group Companies’ advisors (e.g. legal, financial, business or other advisors) who are under a duty of confidentiality to us or our Group Companies.  

     

  4. How We Retain, Store and Protect Your Personal Data

    Retention 

    4.1.  Your Personal Data will be retained by us only for as long as is necessary to fulfil the purposes mentioned in this Privacy Policy, or for a duration as required or permitted by  applicable  laws and regulations.

    Security

    4.2. In order to ensure the correct use and to maintain the accuracy of the Personal Data collected from you, as well as preventing unauthorised or accidental access, processing, erasure or   other use of the Personal Data, we have implemented various internal policies (including physical, electronic and management measures) and various security technologies and   procedures.  For example, appropriate encryption technologies and access control requirements are implemented to protect your Personal Data. Where we collect Personal Data online,   we use an industry standard for encryption over the Internet known as Secure Socket Layer (SSL) protocol to protect the Personal Data.  Our websites have firewalls in place, which   should protect the Personal Data collected from you against unauthorised or accidental access.  However, please understand that, due to technical and risk prevention limitations, even  if  we have made our best effort to enhance security measures, we cannot ensure that your Personal Data is absolutely safe.  You should note that the systems and communication   networks you use to access our Services may be subject to problems beyond our control.  Therefore, you are advised to protect against unauthorised access to your password and  credit  card details.  When using a shared computer, make sure you sign out from your account when finished.

    4.3.  When we share your Personal Data with any third parties, we will strive to ensure that such third parties comply with this Privacy Policy and other appropriate confidentiality and security   measures that we require them to comply with when using your Personal Data, except for the Personal Data you provide directly to the third parties through the use of their services.

    Export of Personal Data

    4.4.  Your Personal Data may be transferred outside the country in which you are located, including to countries with a lower level of data protection than in the country in which you are   located.

  5. Your Rights and Contacting Us 

    General Rights 

    5.1. Under certain conditions, you may have the right to:- 

    (a) access your Personal Data held by us;

    (b) correct your Personal Data held by us;

    (c) request deletion or erasure of your Personal Data; 

    (d) object to the sharing of your Personal Data; and/or

    (e) object to the profiling of your Personal Data.   

    If you would like to exercise any of the above rights or obtain a copy of any of your Personal Data, or if you believe that any of your Personal Data which we collect and maintain is   inaccurate or would like to request for information regarding policies and practices and kinds of personal data held by us, please contact us at the address set out in section 5.5 below.

    5.2.  We will endeavour to use appropriate technical means to ensure that you can access, update and correct your Personal Data.  In accessing, updating, correcting and/or deleting your   Personal Data, we may ask for you to authenticate your identity in order to protect the safety of your Personal Data.

    5.3.  To the extent permitted by relevant laws and regulations, we reserve the right to refuse unreasonable requests (for example, requests which infringe the privacy of others).  To the extent   permitted by relevant laws and regulations, we reserve the right to charge a reasonable fee for the cost of processing any request set out in Section 5.1 above.

    Right to opt out of direct marketing

    5.4.  If you agree to receive marketing communication but do not wish to receive them in the future, you may opt out of receiving them at any time, free of charge, by the following applicable  means:-

    (a)  unsubscribing by following the "Reply To" instructions contained in the marketing text message; 

    (b)  following the unsubscribe instructions or hyperlink in the email; 

    (c) following the unsubscribe instructions in the mobile application; 

    (d)  notifying us that you no longer wish to receive marketing communication when receiving our marketing calls; or

    (e)  contacting us at the address stated in section 5.5 below to tell us that you no longer wish to receive marketing communication through any channel.

     

    5.5. We may issue service-related announcements to you when necessary (e.g. when we suspend a service due to system maintenance).  You may not be able to opt out of these  announcements which are service-related and not promotional in nature.

    Contacting us
    Contact person: Data Protection Officer
    Company Name: Swire Properties Hotel Management Limited

    5.6. Address: Suite 2701-05, 1111 King’s Road, Taikoo Shing, Hong Kong

    Email address: Dataprotectionoffice@swirehotels.com 

    Should you need to contact us in Europe, you may contact our EU representative as follows:

    Company Name: activeMind.legal
    Address: RA Klaus Foitzick, Kurfürstendamm 56, 10707 Berlin 
    Email address: eu-dataprotection@swirehotels.com


  6. Cookies

    We use cookies on our websites.  Please see our Cookies Policy (which can be found at https://www.swirehotels.com/en/cookie/) for more information on how we use cookies. 


  7. Third-party websites

    7.1. Third-party websites are independent from our websites, and we have no control over the contents of such third-party websites, their privacy policies or compliance with the law.  You  should therefore be fully aware that the provision of links to third party websites does not constitute an endorsement, approval, or any form of association by or with the Group  Companies.  We have no control over Personal Data that you have submitted to these websites.  Therefore, you should remain alert when you leave our websites.

    7.2.  Your use of such third-party social media services or other services (including any Personal Data you provide directly to such third parties through the use of their services) are subject to  the third party's own terms and conditions of service and privacy policy (and not this Privacy Policy), which you have to read carefully.  This Privacy Policy applies only to any  information we collect and does not apply to any of your Personal Data that any third party collects during the process of providing service to you, and we do not take any  responsibility for the use of Personal Data by any third party to whom you provide the information directly.


  8. Reminder About Information Sharing

    8.1.  Our website and mobile applications allow you to publicly share your relevant information, not only with your social networks but also with all users of our website or mobile applications,   e.g., the information you upload or post through them (including your publicised Personal Data, the posts you have created), your responses to information uploaded or posted by  others,  log information and location information that you share.  Other users of our website or mobile applications may also share your related information.  In particular, our social  media  platforms are specifically designed to allow you to share information with users around the world so that shared information can be delivered real time and extensively.

    8.2.  As long as you do not delete the shared information, the information remains in the public domain; even if you delete the shared information, the information may still be cached, copied   or stored in our backend systems or independently by another user or unrelated third parties not controlled by us, or kept by other users or such third parties in the public   domain.  Therefore, you should carefully consider the content of the information you upload, post and exchange through our website and mobile applications.

     

  9. Amendment of Privacy Policy

    9.1.  We may amend the terms of this Privacy Policy from time to time.  The amendments form part of this Privacy Policy.  You may access and obtain a copy of this Privacy Policy, as   amended from time to time, at our relevant website so that you are always informed of the ways we collect and use personal data.  By continuing to use our website or mobile   applications, you agree to be bound by this Privacy Policy as amended from time to time.

    9.2.  Where required under applicable data protection laws and regulations in the relevant jurisdiction, we may seek your consent. If you do not provide your consent, we may be unable to   continue performing our obligations or providing our Services to you.

  10. Language of Privacy Policy

 

This Privacy Policy is written in the English language and may be translated into other languages.  In the event of any inconsistency between the English version and the translated version  of  this Privacy Policy, the English version shall prevail.

Privacy Policy Appendix


This Appendix applies if you reside in the following countries/regions:-

A. Chinese Mainland Appendix

B. Europe Appendix

 

  1. Chinese Mainland Appendix

 

(Last updated: 31 Oct 2022)


  1. Application

    1.1.  This Chinese Mainland Appendix applies (in addition to the General Terms) to explain how our Group Companies Process your Personal Information, if you stay within the mainland   People’s Republic of China (“Chinese Mainland”).  For the purpose of this Privacy Policy, Chinese Mainland excludes the Hong Kong Special Administrative Region, the Macau   Special Administrative Region and Taiwan.

    1.2.  Unless defined otherwise in this Chinese Mainland Appendix, all capitalised terms herein shall have the same meaning as given to them in the General Terms.

     

  2. Personal Information

    In this Chinese Mainland Appendix, “Personal Information” means any type of information (recorded via electronic means or otherwise) associated with an identified or identifiable  natural person, but excluding information after anonymisation handling. Personal Information may include Sensitive Personal Information (defined below).

     

  3. Consent

    We will collect, store, use, process, transmit, provide, disclose or delete (together, “Process”) your Personal Information in accordance with this Privacy Policy, and we may only do so  with your consent. Where the applicable Chinese Mainland data protection laws and regulations require us to provide separate consent under certain circumstances, we will only Process  such Personal Information upon obtaining your separate consent.

  4. Sensitive Personal Information

    4.1.  Certain Personal Information may be considered sensitive Personal Information due to their particularity. “Sensitive Personal Information” means Personal Information which, if  leaked  or used illegally, may easily cause harm to the dignity of natural persons, or cause harm to personal or property safety, including biometric information; religious belief;  specific identity  information; health and medical information; financial account information; individual location tracking information and Personal Information of minors under the age  of fourteen (14).

    4.2.  We may process certain Sensitive Personal Information to provide our Services to you.Specifically: (a) in order to process your payments for our Services, we may collect the  following  Sensitive Personal Information from you: (i) identity card number or other personally identifiable number; (ii) accommodation / address information; and (iii) your credit or  debit or other  charge card information on other electronic payment accounts (including but not limited to WeChat Wallet, Alipay account, Apple Pay etc.); (b) in order to provide  personalised hospitality  services to you, we may process your special needs or preferences information (including in relation to your health condition); and (c) in order to conduct  analytics and profiling, we may  process information regarding your interaction with our website and/or your activity on social media platforms (including your preferences, transaction  pattern and behaviour); details of  your visits to our websites or mobile apps or social medial platforms collected through cookies or other tracking technologies including behavioural  information; browser details, IP  addresses, purchasing history, location information, your interests, personal preferences, comments and consumption habits.

    4.3.  This Privacy Policy describes how your Sensitive Personal Information will be Processed for the purposes and by the means described in this Privacy Policy. We shall Process such   Sensitive Personal Information upon obtaining your separate consent.

    4.4.  You need to carefully consider whether your Sensitive Personal Information should be disclosed through our Services. It is necessary for you to provide us with such Sensitive  Personal  Information, so that we can provide certain Services to you. If you do not provide us with your separate consent, we may not be able to provide certain Services to you.

     

  5. Age Limit

    5.1.  Our Services target those who are above the age of fourteen (14). If you have not reached fourteen (14) years of age, please ensure that you have obtained your guardian’s  consent  before providing us with your Personal Information.

    5.2.  We will not collect, use or otherwise process Personal Information of individuals who are under fourteen (14) years of age without separate consent from their parents or guardians.

    5.3.  Where we have obtained separate consent from parents or guardians for Processing their minors’ Personal Information, we will only Process, retain and protect those minors’  Personal  Information in the same manner and in the same locations as set out in this Privacy Policy (as supplemented by the Chinese Mainland Appendix). If the parents or  guardians refused to  provide separate consent for our Processing of their minors’ Personal Information which are necessary, we may not be able to provide certain Services to their  minors. To exercise any  data subject rights for minors, please refer to “How do you exercise your data subject rights” section below.

     

  6. Purposes and Use of Personal Information

    6.1.  This paragraph 6 supplements paragraphs 2 and 3 of the General Section.

    6.2.  To provide the Services (such as when providing you with our website or mobile application, our membership or loyalty schemes and our aftersales services), we collect your  Personal  Information, including as follows:

    (a)  to verify your identity: your name, gender, date of birth, age, identity card number or other personally identifiable number, signature;

    (b)  to provide for transportation or check-in services: you and your companions’ travel details, Personal Information of your travel companions, including flight information,   accommodation information;

    (c) to provide catering or spa treatment services: Personal Information related to travellers’ special needs or preferences and health condition; and

    (d)  to administer our Activities: photographs or videos being collected when you participate in our Activities or use our Services, whether registered in advance or open to the  public at  any time.

     

    6.3.  To process your reservation requests and confirm your booking: We collect your contact information, such as telephone numbers, addresses, mailing addresses, WeChat accounts,  email addresses and fax numbers.

    6.4.  To process payment for any of the Services (including e-commerce transactions): We collect your credit or debit or other charge cards information on other electronic payment  accounts  (including but not limited to WeChat Wallet, Alipay account, Apple Pay, etc.).

    6.5.  To provide customer support and to manage customer relationship (such as responding to your enquiries, and communicating with you): We collect your business information  including  email, telephone, mobile application (e.g. WeChat ID), company name, business title, occupation and associated contact information.

    6.6.  To provide marketing materials: We may collect your name, contact details, location data, customer profiling information (including information about your use of our website and  activity  on social media platforms, including your preferences, transaction pattern and behaviour) collected, compiled, generated or held by us from time to time for marketing our  own, other  Group Companies’ and/or our business partners’ Services to you by email, letter, telephone, fax, text messages, mobile application (e.g. WeChat Push).

    6.7.  To conduct analytics and profiling (including to provide customised Services): We collect: details of your visits to our websites or mobile apps or social medial platforms collected  through  cookies or other tracking technologies including behavioural information, browser details, IP addresses, purchasing history, location information, your interests, personal  preferences,  comments and consumption habits.

    6.8.  To improve the Services (including designing new and/or enhancing existing Services): We collect survey information, your comments and responses, etc. to market surveys,  contests  and promotional offers conducted by us or on our behalf.

    6.9.  To ensure safety and security of our premises: We collect background checks and/or credit searches information on companies who wish to open a corporate account with us for   verification purposes and to prevent fraud or other criminal activities.

    6.10. There are several ways for us to collect your Personal Information, including that we may directly collect your Personal Information from you (such as when you reserve for our    Services), or we may collect your Personal Information from third parties including our agents and services providers to facilitate your booking for our Services, or we may collect   your   Personal Information when you participate in our Activities.

    6.11. We shall not be required to obtain your consent to Process your Personal Information if any of the following situations applies:

    (a)  where the Processing of Personal Information is necessary for the conclusion or performance of a contract to which you are a contracting party, or where it is necessary to  carry out  human resources management according to lawfully formulated labour rules and lawfully concluded collective contracts;

    (b)  where it is necessary to perform a statutory responsibility or obligation, for example, making disclosures when required by law, regulation, or court order of any jurisdiction  and/or as  requested by any government, regulatory or law enforcement authority or administrative organisation, which may be within or outside the Chinese Mainland;

    (c)  if the Processing of Personal Information is necessary to respond to a public health emergency, or to protect the life, health or property safety of an individual in case of an  emergency;

    (d)  where Personal Information is processed within a reasonable scope to carry out news reporting, public opinion supervision or any other activity for public interest purposes;

    (e)  where the Processing relates to Personal Information disclosed by you or otherwise already lawfully disclosed, within a reasonable scope in accordance with applicable laws;  or

    (f)  if the Processing of Personal Information is directly related to:

    (i)  national security and national defence;

    (ii)  public safety, public health and major public interest; or

    (iii) criminal investigations, criminal prosecutions, adjudication or enforcement of judgments, or other related matters.

    6.12. Your Personal Information may be Processed in our headquarters in Hong Kong as well as other countries, including Chinese Mainland, the United States of America and Singapore.

  7. How We Share Your Information

    7.1.  To facilitate the purposes mentioned under this Privacy Policy, and without prejudice to relevant laws and regulations, we may transfer and/or disclose your Personal Information to our Group Companies, and/or third parties who will Process your Personal information according to their own purposes and methods of Processing (together, “Third Party Personal Information Handlers”). These Third Party Personal Information Handlers may be located within or outside the Chinese Mainland. We will only transfer and/or disclose such Personal Information upon obtaining your separate consent, and in accordance with applicable Chinese Mainland data protection laws. These Third Party Personal  Information Handlers will include (but not limited to) Swire Properties Limited. You can contact us for the relevant information regarding these Third Party Personal Information Handlers. Our contact details are located in Paragraph 9.2 below.

    7.2.  Furthermore, we may transfer and/or disclose your Personal Information to third parties appointed by us who only Process your Personal Information on our behalf, including any   agent, contractor or third-party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer,   payment, transportation or other services to or support the operation of the Group Companies’ business (including its/their direct marketing activities).

    7.3.  Other than those stated in paragraph ‎7 and in the situations stated in paragraph ‎6.11, we will not share your Personal Information with any other third parties, except that we may   share data or statistics (which are not Personal Information) with third parties in aggregated or anonymised form.

    7.4.  When we share your Personal Information with any third parties, we will strive to ensure (including but not limited to using contractual measures or adopt encryption for transfer to   ensure) that such third parties comply with this Privacy Policy and other appropriate confidentiality and security measures that we require them to comply with when using your   Personal Information, except for the Personal Information you provide directly to the third parties through the use of their services.

    7.5.  With the continuous development of our business, we may engage in mergers, acquisitions, dissolution, liquidation, transfer of assets or similar transactions, and in such cases,  (i)  we shall inform you all such information that is required under applicable Chinese Mainland data protection laws; and (ii) your Personal Information may be transferred to any   actual assignee or purchaser of all or any part of our (and/or our Group Companies’) business and/or assets; and our service providers in these situations.

     

  8. How We Retain, Store and Protect Your Personal Information

    8.1.  Your Personal Information will be retained by us only for as long as is necessary to fulfil the purposes mentioned in this Privacy Statement, or for a duration as required or permitted  by  laws and regulations. In any event, unless required by applicable laws and regulations or with your consent, in relation to your Personal Information collected for maintaining your   membership with us, we will keep those Personal Information during your membership period. After your membership account with us is terminated and in relation to your Personal   Information held by us generally, we shall retain your Personal Information for not more than 6 years from the last activity or interaction with us. After the end of the retention period,  we  will delete or anonymise your Personal Information.

    8.2.  In order to ensure the correct use and to maintain the accuracy of Personal Information collected from you, as well as preventing unauthorised or accidental access, disclosure,   alteration, loss or other use of Personal Information, we have implemented various internal management policies (including physical, electronic and management measures) and  various  security technologies and procedures based on classification of Personal Information we collect from you. For example:

    (a)  where we collect Personal Information online, we use an industry standard for encryption over the Internet known as Secure Socket Layer (SSL) protocol to protect Personal   Information;

    (b)  our websites have firewalls in place, which should protect Personal Information collected from you against unauthorised or accidental access;

    (c)  where required under applicable Chinese Mainland data protection laws and regulations, we will encrypt and/or de-identify your Personal Information;

    (d)  your Personal Information will only be accessed by our personnel on a “need-to-know” basis;

    (e)  we ensure that our personnel are regularly trained on data protection matters; and

    (f)  in order to mitigate any potential risks of unauthorised Processing of your Personal Information, we maintain a security incident response plan. Where required by applicable   Chinese Mainland regulations, we will also seek to inform you and the relevant authorities of any incidents concerning the Personal Information we Process on your behalf.

    However, please understand that, due to technical and risk prevention limitations, even if we have made our best effort to enhance security measures, we cannot ensure that the   information is absolutely safe. You should note that the systems and communication networks you use to access our Services may be subject to problems beyond our control. Therefore,   you are advised to protect against unauthorised access to your password and credit card details. When using a shared computer, make sure you sign out from your account when  finished.


  9. Automated Decision Making

    9.1.  For the purposes of this Chinese Mainland Appendix, “Automated Decision Making” means the use of computer programs or algorithms to automatically analyse or assess  interests,  hobbies or other personal behaviours, and make automated decisions based on such analysis or assessment.

    9.2.  From time to time we may Process your Personal Information through Automated Decision Making in the following scenarios:

    (a)  Processing IP address, location, cookies or previous browsing behaviour data through Automated Decision Making for the purpose of enhancing your browsing experience at  our  websites, and tailor the content we present to you to better match your preferences and interests; and

    (b)  where you use our mini programs on WeChat, Processing your IP address, WeChat profile data, mini program profile data, location data, device information, activity on  WeChat,  activity on mini programs through Automated Decision Making for the purpose of enhancing your browsing experience at our WeChat mini program and place  advertisements on  different channels including but not limited to WeChat or Tencent.

    9.3.  You have the following rights in respect of Automated Decision Making:

    (a)  Where we Process your Personal Information through Automated Decision Making to send direct marketing messages or push notifications to you, you have the right to opt-out   from such Automated Decision Making processing; and

    (b)  Where the decision made through the Automated Decision Making has a material impact on your personal interest, you also have the right to request for an explanation of such   decision, and the right to refuse our Processing through Automated Decision Making.

    If you would like to exercise your rights referred to in this paragraph ‎9.3, please refer to paragraph ‎10 below.     

     

  10. How Do You Exercise Your Data Subject Rights

    10.1.  You (or your next of kin or you acting on behalf of your minors, as permitted by applicable Chinese Mainland data protection laws and regulations) are entitled to exercise the following    data subject rights under the applicable Chinese Mainland data protection laws and regulations:

    (c)  access, copy, (where your Personal information is inaccurate or incomplete) correct and/or supplement any your Personal Information held by us;

    (d)  restrict or reject the Processing of your Personal Information held by us;

    (e)  request deletion or de-registration of your Personal Information which is held by us (where the purposes of Processing have been or cannot be fulfilled or are no longer  necessary,  where we cease to provide the Services or the retention period ends, where there is a breach of applicable law in our Processing or otherwise required by  applicable law);

       (f)  withdraw your consent to us Processing your Personal Information;

    (g)  request us to transfer your Personal Information to another organisation, if such transfer is permitted by applicable laws;

    (h) the rights set out in paragraph ‎9.3 above in respect of Automated Decision Making; and

    (i)  explain our rules on Processing of your Personal Information.

     10.2. If you wish to exercise any of the rights in paragraph ‎10.1 above, please contact us as follows:
      Contact person:        Data Protection Officer, Swire Properties Hotel Management Limited
      Address:      Suite 2701-05, 1111 King’s Road, Taikoo Shing, Hong Kong
      Email address:         Dataprotectionoffice@swirehotels.com

    10.3. We will endeavour to use appropriate technical means to ensure that you can exercise the above data subject access rights through the use of our Services. In processing your   requests relating to your data subject rights, we may ask for you to authenticate your identify in order to protect the safety of your Personal Information.

    10.4. To the extent permitted by relevant laws and regulations, we reserve the right to (i) refuse unreasonable requests (for example, requests which infringe the privacy of others); and  (ii) charge a reasonable fee for the cost of processing any request set out in paragraph ‎10.1 above.

     

 


B. Europe Appendix

1  Application

This Europe Appendix applies if you reside in any of the European Union, Iceland, Liechtenstein and Norway (“EEA”).

2  Sensitive Personal Data

Certain Personal Data may be considered sensitive Personal Data due to their particularity, e.g. your ethnicity, religion, personal health and medical information, etc.

Please note that the information you provide, upload or post through our website, mobile application or social media platforms (e.g. photographs or information about your social activities) may disclose your sensitive Personal Data.  You need to carefully consider whether your sensitive Personal Data should be disclosed.

We will ask you for your consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to process such Personal Data under EEA data protection law.

3 Legal Bases for Processing of Personal Data

EEA data protection law allows companies to process Personal Data only when the processing is permitted by specific “legal bases” set out in law.  In compliance with our obligations under EEA data protection law, we are required to identify the “legal bases” on which we rely to process your Personal Data.

In Table 1 below, we have linked each purpose mentioned in section 3.1 of our Privacy Policy to the relevant “legal bases”.  For more details on each of the “legal bases”, please see Table 2 below. 

Table 1:

Purposes of the data processing

Legal bases

To provide our services and products (3.1(a))

  • contract performance
  • legitimate interests (to allow us to perform our obligations and provide services to you)

For sensitive Personal Data

  • consent

To provide customer support (3.1(b))

  • contract performance
  • legal obligation
  • legitimate interests (to allow us to correspond with you in connection with our services)

To operate loyalty or reward programmes (3.1(c))

  • consent
  • contract performance
  • legitimate interests (to allow us to provide tailored services to you)

For marketing purposes (3.1(d))

  • consent (which can be withdrawn at any time)
  • legitimate interests (to enable us to provide you with details of products and services that may be of interest to you)

For analytics and profiling (3.1(e))

  • consent (which can be withdrawn at any time)
  • legitimate interests (to enable us to tailor our marketing to you)

To improve our services (3.1(f))

  • legitimate interests (to allow us to maintain and improve the quality of our services and products)

For safety and security purpose (3.1(g))

  • legal obligation
  • legal claims
  • legitimate interests (to allow us to guard against other unlawful activity)

For sensitive Personal Data

  • legal claims
  • vital interests
  • substantial public interest

For legal and administrative purposes (3.1(h))

  • contract performance
  • legal obligation
  • legal claims
  • legitimate interests (to cooperate with law enforcement and regulatory authorities)

For sensitive Personal Data

  • legal claims
  • substantial public interest

To reorganise or make changes to our business (3.1(i))

  • legitimate interests (in order to allow us to change our business)


Table 2:

These are the principal legal bases that justify our processing of your Personal Data:

Consent:where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by contacting us according to section 5 of the Privacy Policy). If you withdraw your consent, we may be unable to provide a service that requires the use of such data.

Contract performance:where your information is necessary to enter into or perform our contract with you.

Legal obligation:where we need to use your information to comply with our legal obligations.

Legitimate interests:where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims:where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

These are the principal legal bases that justify our processing of sensitive Personal Data:

Protection of vital interests of you or another person, where you and/or the other person is/are unable to consent:Processing is necessary to protect the vital interests of you or of another natural person where you and/or the other person is/are physically or legally incapable of giving consent.

Legal claims:where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party.

In the substantial public interest:Processing is necessary for reasons of substantial public interest, on the basis of EEA or local law.

Explicit consent:You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us according to section 5 of the Privacy Policy. If you do so, we may be unable to provide a service that requires the use of such data.

4 Export outside the EEA

Your Personal Data may be transferred to, stored at and/or accessed by us, the Transferees or our business partners in a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country.  We will, in all circumstances, safeguard Personal Data as set out in this Privacy Policy.  

Where we transfer Personal Data from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data.  Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions.  In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as European Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

Please contact us as set out in the “Contacting Us” section in the Privacy Policy if you would like to see a copy of the specific safeguards applied to the export of your Personal Data. 


5 Retention Period

Our retention periods for your Personal Data are based on business needs and legal requirements.  We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose(s).

For example, we may retain (i) certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or (ii) certain data to comply with regulatory requirements regarding the retention of such data.  When your Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

6 Your Rights 

In addition to the rights set out in section 5 of the Privacy Policy, you may have the rights in certain circumstances under EEA data protection law to:

(a) where processing is based on consent, withdraw your consent so that we stop that particular processing;

(b) ask us to transmit the Personal Data you have provided to us and we still hold about you to a third party electronically;

(c) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and/or

(d) restrict how we use your Personal Data (e.g. whilst a complaint is being investigated).

Please note that we may not charge a fee when we deal with your requests in the exercise of these rights.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).  If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the data protection regulator in the country in which you are based – a list of EEA data protection regulators and their contact details can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.  You are also encouraged to contact our EU representative according to section 5 of the Privacy Policy if you are not satisfied with our use of your Personal Data.  

 

 

Schedule 1


List of affiliates of Swire Properties Hotel Management Limited


Swire Properties Hotel Holdings Limited

Swire Properties Hotel Services Limited

Cityplaza Holdings Limited

Pacific Place Holdings Limited

Airline Hotel Limited航空酒店有限公司

成都乾豪置业有限公司博舍酒店管理分公司 (Chengdu Qianhao Real Estate Company Limited)

北京三里屯酒店管理有限公司 (Beijing Sanlitun Hotel Management Company Limited)

北京麟联置业有限公司 (Beijing Linlian Real Estate Company Limited East Hotel)

冠丰(上海)房地产发展有限公司 (Guan Feng (Shanghai) Real Estate Development Company Limited The Middle House)

BCC Hotel Management Services LLC


(Last updated: 17 Jul 2024)