THE PAVILIONS HOTELS & RESORTS LIMITED: PRIVACY POLICY
 

We Are Committed to Protecting Your Privacy 

The Pavilions Hotels & Resorts Limited, located at Room 1601, 16th Floor Wilson House, 19-27 Wyndham Street, Hong Kong and its group companies (“Pavilions Group”) (together referred to as “Pavilions Group”, “we”, “us”, “ours” or “ourselves” below), have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy. 

The processing of personal data of a data subject by the Pavilions Group shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Pavilions Group.  

To ensure you as data subject can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this privacy policy (“Privacy Policy”) (together with our terms of use and any other documents referred to on it) outlining the nature, scope, and purpose of the personal data the Pavilions Group collects, uses and processes. Furthermore, you, as data subject, are informed of the rights to which you are entitled. You must read this Privacy Policy to fully understand all data protection measures adopted by the Pavilions Group. By using our websites (including https://www.pavilionshotels.com and https://www.pavilionsresidences.com) and/or using services provided by the Pavilions Group, you will be regarded as having accepted the terms of this Privacy Policy.

  
DEFINITIONS

In this Privacy Policy of Pavilions Group, we use, inter alia, the following terms:

Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The personal data which we may collect from you includes, among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information.

Special categories of Personal Data

Special categories of personal data include information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information.  Any use of special categories of personal data shall be strictly controlled in accordance with this Privacy Policy.  The Pavilions Group will require your explicit consent before we process special categories of personal data unless we are required to do so by law.

Data Controller

‘Data Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.

Data Processor

‘Data Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interest, reliability, behavior, location or movements.

Consent

Consent of data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Business Purposes

The business purposes for which personal data may be used by the Pavilions Group:

(1) Personnel, administrative, financial, regulatory, payroll and business development purposes;

(2) Business purposes include the following:

(a) Compliance with our legal, regulatory and corporate governance obligations and good practice
(b) Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
(c) Ensuring business policies are adhered to (such as policies covering email and internet use)
(d) Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
(e) Investigating complaints 
(f) Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
(g) Monitoring staff conduct, disciplinary matters

Supervisory Authority

This is the national body responsible for data protection.  The supervisory authorities applicable to the Pavilions Group are as follows:-

Spain: Agencia Española de Protección de Datos (AEPD)
Netherlands: Personal Data Authority (PDA)
France: Commission nationale de l'informatique et des libertés (CNIL)
Italy: The Italian Data Protection Authority (Garante)


CHANGES TO THIS PRIVACY POLICY

This privacy policy was last updated on 15th May 2018. In the future, we may need to make additional changes. All additional changes will be included in the Privacy Policy published on the Websites, so that you will always understand our current practices with respect to the personal data we gather, how we might use your personal data and disclosures of that personal data to third parties. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of this Privacy Policy. Any changes to the Privacy Policy will become effective upon posting of the revised version on the Websites, and where appropriate, notified to you by e-mail.

This Privacy Policy contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the Privacy Policy by major processes and areas so that you can review the information of most interest to you.

 
DATA PROTECTION PRINCIPLES


The Pavilions Group shall comply with the principles of data protection (“Principles”) enumerated in the EU GDPR. We will make every effort possible in everything we do to comply with the Principles. The Principles are:-

1. Lawful, fair and transparent

Personal data processing must be fair for a legal purpose and we must be open and transparent as to how the data will be used.

2. Purpose limitation

Personal data can only be processed for purposes which are specified, explicit and legitimate.

3. Data minimisation

Any personal data processed must be necessary, relevant and adequate in relation to the purposes.

4. Accuracy

The personal data we retain must be accurate and kept up to date and shall be erased or rectified without delay if it is inaccurate for the purpose of processing.

5. Storage limitation

The retention of personal data in a form for allowing identification of you as data subject should not be longer than necessary.

6. Integrity and confidentiality

We adopt appropriate security measures for personal data to avoid unauthorized loss or disclosure.

7. Accountability

We as controllers must ensure we comply with the Principles and are able to demonstrate compliance.


COLLECTION AND USE OF PERSONAL DATA 

LEGAL BASIS FOR PROCESSING 

When you request a particular service from us or otherwise interact with the Pavilions Group, we will be required to process your personal data that we need for the following purposes:-

1.    in the normal course of our business, to allow us to register you to use our services and to provide you with our services on the basis that processing is necessary in order to perform our contract with you to provide our services;
2.    to allow us to manage your reservation on the basis that processing is necessary in order to perform our contract with you to provide our services;
3.    to validate your personal data so as to check the personal data we hold about you is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;
4.    to process and/or respond to your requests, submissions, comments and any transactions;
5.    to provide technical support and ensure the continued and smooth operation of the Websites;
6.    to comply with any legal obligations to which we are subject, including but not limited to (i) facilitating the administration of the business purposes; (ii) preventing or investigating actual/suspected fraud, hacking, infringement, or other misconduct involving our services or the Websites;
7.    to protect your vital interests in situations of life or death, physical injury or significant health risk;
8.    to perform a task in the public interest or official capacity.  

BROWSING 

(1)    OUR WEBSITES

When you browse the Websites, the Websites collect a series of general data and information which is stored in server log files. Information collected may be (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches our website (so-called referrers); (4) the sub-websites; (5) the date and time of access to the website; (6) an Internet Protocol Address (IP Address); (7) the Internet Service Provider of the accessing system; and (8) any other similar data and information that may be used in the event of attacks on our information technology systems. We treat this information as personal data if an identifiable person can be directly or indirectly identified by reference to log files.
When using these general data and information, the Pavilions Group does not draw any conclusions about you as data subject.  Rather, this information is needed to (1) deliver the content of our website correctly; (2) optimize the content of our website as well as its advertisement; (3) ensure the long term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.   Therefore, the Pavilions Group analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.  The anonymous data of the server log files are stored separately from personal data provided by you.

 
(2)    COOKIES

By using the Websites, you agree that we may automatically collect information through the use of “cookies”.  The Websites only use “cookie” technology as a tracking tool. Cookies do not retain your personal data and information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.
Cookies do not corrupt or damage your computer, programs, or computer files.
The purpose for which cookies -- other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request -- are used on the Websites is set forth in a banner appearing the first time you land on the Websites. By continuing to browse on the Websites, you consent to their use.
You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on the Websites. Procedures for managing your settings may differ depending on your browser. Please consult the instructions for your particular browser on how to do this. For commonly used browsers, please click the links below:
 
Microsoft Windows Explorer 
Google Chrome
Mozilla Firefox
Apple Safari

If you do not use any of the browsers listed above, choose the "Help" function, followed by "Cookies" to find out where your cookie folder is stored.


(3)    PIXEL TAGS

The Pavilions Group and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology for the following purposes:-
●    Track customer response to the Pavilions Group advertisements and website content; 
●    Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor; 
●    Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and 
●    Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your personal data and information will not be collected apart from what you voluntarily provide us in your dealings with our group operations.


(4)    DEVICE IDENTIFIERS


When you access the Websites by or through a mobile device (including but not limited to smartphones or tablets), we use one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device.
A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Websites. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Websites may not function properly if use or availability of device identifiers is impaired or disabled.


(5)    USER IDENTIFIERS


When you access the Websites, we use one or more “user identifiers.” User identifiers are small data files or similar data structures assigned to you that will be used to enable you to continue to use the Websites. A user identifier may convey information to us about how you browse and use the Websites. A user identifier may remain persistently on your device or computer, to help you log in faster and enhance your navigation through the Websites. Some features of the Websites may not function properly if use or availability of user identifiers is impaired or disabled.


(6)    LOCATION DATA


When you access the Websites by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Websites. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.


CONTACT POSSIBILITY VIA THE WEBSITES

The Websites contain information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes e-mail address and online enquiry form. When completing an enquiry form, we will request you to provide personal data and information including your name and email address. If you contact us by e-mail or via the enquiry form, the personal data transmitted by you are automatically stored.  You may also access the website of the Pavilions Group from a link in an email that we send to you or where you have created a profile under LOGIN and you log-in to your account on a voluntary basis. When creating a profile under LOGIN, we will request you to provide personal data and information including your name and email address.  Such personal data transmitted on a voluntary basis by you to us are stored for the purpose of processing or contacting you. There is no transfer of this personal data to third parties.


MAKING A RESERVATION AND CHECK-IN AT A HOTEL OF THE PAVILIONS GROUP  

If you would like to make a reservation at the front desk of one of the hotels/resorts/residences of the Pavilions Group, we will request personal data including your name, address, telephone number, e-mail address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your e-mail address to send an e-mail confirmation of your booking and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel, the area and the weather.

The personal data that you provide to us for making a reservation is made available to the applicable hotel/resort/residence of the Pavilions Group for the purpose of completing your reservation request. We may also need to collect personal data as required by local laws such as passport numbers, type of entry visa, and driver’s license.  Upon check-in, your personal data will be verified by our staff and you may be requested to indicate whether you wish to opt in and receive hotel promotional literature.


MAKING A RESERVATION THROUGH OUR HOTELS 

You can make a reservation by contacting a particular hotel/resort/residence of the Pavilions Group by phone, email or via the Websites. When making a reservation, you will be asked to provide personal data including your name, address, telephone number, email address, method of payment and name(s) of additional guest(s). If you choose to provide us with your e-mail address, a confirmation and a pre-arrival message of your reservation will be sent to you by e-mail. We may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin and destination), room preferences and special requests, which you can provide on a voluntary basis, to better prepare ourselves for your arrival and to serve you better before your departure.
You can access the Websites from a web-enabled mobile device to find a hotel and/or restaurants operated by the Pavilions Group. You can make a reservation from a web-enabled device. When you make a reservation, you will have to provide personal data including your name, e-mail address and credit card information for guarantee purposes.


DURING YOUR STAY AT A HOTEL
 
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, after obtaining your explicit consent, other stay specific information may be stored in the property management system at the particular hotel, such as your food and beverage preferences and other special requests for future reference by the Pavilions Group so as to get ourselves well prepared before your next arrival. 


CREATING AND UPDATING YOUR ONLINE ACCOUNT INFORMATION

For hotel related services, upon completing an online room reservation, you can set up, review or update your information online.


FOOD AND BEVERAGE OUTLET RESERVATIONS 

We collect your personal data including your name and phone number when you make a reservation at our food and beverage outlets. 


SPA RESERVATIONS 

We collect your personal data including your name, contact details, and where necessary, credit card information for payment purposes when you make a spa reservation. In addition, with your explicit consent, we may collect information relating to your health, allergies and treatment preferences before the spa treatment is commenced to ensure that your spa treatment is conducted under safe conditions. 

YOUR RIGHTS 

You as data subject have rights to your personal data which we must respect and comply with to the best of our ability.  We must ensure you can exercise your rights in the following ways:
(1)    Right of confirmation

You shall have the right to obtain from us the confirmation as to whether or not your personal data and information concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer or any of our staff. 
(2)    Right of access

You shall have the right to obtain from us free information about your personal data stored at any time and a copy of the same.  Furthermore, you are also entitled to access to the following information:
●    the purposes of the processing;
●    the categories of personal data concerned;
●    the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
●    where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
●    the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing;
●    the existence of the right to lodge a complaint with a supervisory authority;
●    where the personal data are not collected from you, any available information as to their source;
●    the existence of automated decision-making, including profiling as well as the significance and envisaged consequences of such processing for you.
Furthermore, you shall have a right to obtain information as to whether your personal data are transferred to a third country or to an international organization. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer. 
If you wish to avail yourself of this right of access, you may at any time contact our Data Protection Officer or any of our staff. 
(3)    Right to rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right of rectification, you may, at any time, contact our Data Protection Officer or any of our staff.
(4)    Right to erasure

You shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
●    The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
●    You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
●    You object to the processing and there are no overriding legitimate grounds for the processing pursuant to Article 21(1) of the GDPR.
●    You object to the processing for direct marketing purposes.
●    The personal data have been unlawfully processed.
●    The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
●    The personal data have been collected in relation to the offer of information society services to a child.

If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by the Pavilions Group, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff shall promptly ensure that the erasure request is complied with without undue delay.
(5)    Right of restriction of processing

You shall have the right to obtain from us restriction of processing where one of the following applies:
●    The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
●    The processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use.
●    We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
●    You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforesaid conditions is met, and you wish to request the restriction of the processing of personal data stored by the Pavilions Group, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff will arrange the restriction of the processing. 
(6)    Right to data portability

You shall have the right to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format.  You shall have the right to transmit those data to another controller without hindrance, where technically feasible and when doing so does not adversely affect the rights and freedom of others. 
In order to assert the right of data portability, you may at any time contact our Data Protection Officer or any of our staff.
(7)    Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you based on legitimate interest or performance of a public interest task. This also applies to profiling based on these grounds. 
If the Pavilions Group processes personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing.  This applies to profiling to the extent that it is related to such direct marketing.  If you object to the Pavilions Group to the processing for direct marketing purposes, the Pavilions Group will no longer process the personal data for these purposes. 
In order to exercise the right to object, you may directly contact our Data Protection Officer or any of our staff. In addition, you are free, in the context of the use of information society services, to use your right to object by automated means using technical specifications.
(8)    Right in relation to automated individual decision making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you as long as the decision (i) is not necessary for entering into, or the performance of, a contract between you as data subject and us as a data controller; or (ii) is not authorised by Union or Member State law to which the Pavilions Group is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (iii) is not based on your explicit consent.
If the decision (i) is necessary for entering into, or the performance of, a contract between you as data subject and the Pavilions Group as a data controller, or (ii) it is based on your explicit consent, the Pavilions Group shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision.
If you wish to exercise the rights concerning automated individual decision making, you may at any time directly contact our Data Protection Officer or any of our staff. 
(9)    Right to withdraw consent

You shall have the right to withdraw your consent to processing of your personal data at any time.  If you wish to exercise your right to withdraw your consent, you may at any time contact our Data Protection Officer or any of our staff.

DISCLOSURE TO THIRD PARTY

The Pavilions Group may engage third parties to assist in the provision of service by us to you and which may, as part of their role in delivering the service, process your personal data.  As part of using service provided by the Pavilions Group, you consent to us sharing your personal data with the following parties:-
●    agents, other service providers and third party partners who process and store personal data and information;
●    professional advisors;
●    law enforcement agencies;

In this respect agents, other service providers and third party partners who process and store personal data and information of the Pavilions Group are hereinafter referred to as ‘Subprocessors’.  The Pavilions Group maintains a list of all Subprocessors that may process your personal data. 

The Pavilions Group has concluded data processing agreements with all Subprocessors in which they are required to abide by substantially the same obligations as the Pavilions Group under this Privacy Policy.

Unless otherwise described elsewhere in this Privacy Policy, we do not disclose, sell or trade any of your personal data and information to third parties.

We may share personal data and information with Subprocessors such as the credit card processor working with us in connection with the operation of the Websites and/ or service provided by us to you and who need access to such personal data and information to carry out their work for us. Any credit card details collected are simply passed on in order to be processed as required. We never permanently store complete credit card details.
In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using your personal data for any purpose other than for the purposes specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of your personal data to entities outside of the Pavilions Group for any use unrelated to our group operations or use of your personal data by third party for their own purposes. 
In some cases, Subprocessors may be directly collecting your personal data from you on our behalf. If Subprocessors provide your personal data to Pavilions Group, Pavilions Group shall mention, on the list it keeps of its Subprocessors, what personal data and information those Subprocessors provide to Pavilions Group. We inform Subprocessors that they are not permitted to use your personal data they obtain from us other than to provide the service for us. We are not responsible for any additional information you provide directly to these Subprocessors. Please become familiar with their practices before disclosing any of your personal data directly to such Subprocessors.

From time to time, we may also share your personal data with third parties when you give us your explicit consent to do so. For example, we may enter into relationships with other parties to make specific services or offers available directly to you. If you opt-in to these third party services or marketing offers, we may share the personal data you provide at the time of sign-up or such other personal data, such as your name or other contact information, that we deem reasonably necessary or appropriate for our business partner to provide these services or offers or get in contact with you.

We may disclose your personal data in the good faith belief that we are lawfully authorized or required to do so, or that doing so is reasonably necessary or appropriate to comply with the law or with legal process or authorities, respond to any claims, or to protect the rights, property or safety of Pavilions Group, our users, our employees or the public, including without limitation to protect Pavilions Group or our users from fraudulent, abusive, inappropriate or unlawful use of our service. Pavilions Group will promptly notify you of any request of an executive or administrative agency or other governmental authority that it receives and which is related to your personal data and information, unless prohibited by applicable law. Pavilions Group will provide you with reasonable information in its possession that may be responsive to the request as stated above, and any assistance reasonably required for you to respond to the request in a timely manner. You acknowledge and agree that Pavilions Group has no responsibility to interact directly with the entity making the request.

Please note that nothing herein restricts the sharing of aggregate information, which may be shared with third parties without your consent.


DATA TRANSMISSION ACROSS INTERNATIONAL BORDERS


As a global company, the Pavilions Group endeavors to provide you with the same outstanding service in Phuket and Bali as you would find in Madrid and Amsterdam. To achieve this goal, we have established a global network comprised of properties, offices, global customer service centers, data centers, trusted service providers, and trained associates around the globe. The nature of our business and our operations require us to transfer your personal data and information to other group companies, properties, centers of operations, data centers, or service providers that may be located in countries outside of your own for the purposes mentioned in this Privacy Policy.


The Pavilions Group may transfer your personal data within the European Economic Area (EEA) and to non-EEA countries including our headquarters in Hong Kong as well as other countries where we are present, including Japan, Thailand, Indonesia, Himalayas, Spain, Portugal, Holland, and Italy for the purposes specified in this Privacy Policy. We also use third party service providers located outside of these countries to process email confirmation, online bookings and post-stay surveys.


Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, the Pavilions Group will ensure there is an appropriate level of protection for your fundamental rights as data subjects and implement, where necessary, appropriate measures, including adopting approved model contract clauses and approved binding corporate rules, to secure the transfer of your personal data and information to the third party service providers located in non-EEA countries.

 

RETENTION OF PERSONAL DATA 

The Pavilions Group retains personal data for no longer than is necessary for fulfillment of purposes as stipulated in this Privacy Policy.  We will promptly delete or otherwise render inaccessible personal data and information except as may be required by law. 

DATA STORAGE

The Pavilions Group holds personal data in the following manner:

(1)    CUSTOMER INFORMATION SYSTEM AND RESERVATION SYSTEM

We store personal data collected in our Customer Information System and Reservation System (“CIR Systems”) at the time when a reservation is made. The CIR Systems are secure customer databases stored on servers hosted by a third party service provider. The personal data stored in CIR Systems includes guest name, address, phone numbers, position, company name and credit card information. We may also store other personal data and information such as customers’ preferences in relation to room types, food and beverage, other service preferences and transaction history. This information may be shared within the Pavilions Group to better anticipate your needs prior to and during your stay.


(2)    MARKETING DATABASE

The Pavilions Group maintains a database of customer information which is used for marketing, promotion and research, understanding and analyzing customer behaviour and customer profiling to improve our services. You will receive marketing and promotional materials if you have already given your express and specific consent in data collection forms. You may elect to unsubscribe from receiving future e-mail promotions at any time.

 

DATA SECURITY 

Transmission over internet
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access and use. We use the SSL protocol – an industry standard for encryption over the Internet – to protect our customers’ personal data and information. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over an SSL connection. This ensures that your sensitive data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears on the computer screen.

Email and Online Communication
It is important to note that e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section of the Websites. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers or public Wi-Fi. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.

To be prudent, it is advisable to always close your browsers when you have finished completing a form or a reservation. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto the Websites and making a reservation.

Please note that companies of the Pavilions Group will never send you an e-mail requesting your password, credit card number or passport, personal identity card or social security number. If you receive a suspicious e-mail that looks like it is from our group, but asks you for your credit card number or passport, personal identity card or social security number, it is a fraudulent e-mail, or “phishing”. We recommend that you do not reply to the e-mail or click on any links or pop-up messages, and that you report it to the local authorities which handle fraudulent e-mails. If you believe “phishers” have gained access to your personal or financial information, we recommend that you also change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.

Internal Controls
The Pavilions Group trains its employees and staff on the importance of data privacy and protection. The Privacy Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the number of individuals within the group with access to personal data and information to those directly involved in the process of providing quality service to you.

Incident Management 
The Pavilions Group shall evaluate and respond to incidents that create suspicion of unauthorized access to or handling of personal data and information. The response will be to restore confidentiality, integrity and availability of the environment of our services provided to you. Furthermore we shall establish root causes and remediation steps.

The Pavilions Group shall inform you within 24 hours after a data breach has been noticed. The Pavilions Group shall provide you with a description of the data breach, the type of data / personal data that was the subject of the breach and steps taken in order to cure the data breach and prevent further consequences of the breach. The Pavilions Group will provide further information upon your request. The Pavilions Group and you shall coordinate in good faith any related (public) statements and / or notifications to any privacy authority and/or affected data subjects / persons.

The Pavilions Group will inform you immediately after it has become aware of the fact that (i) the Pavilions Group and/or its personnel infringe applicable data protection legislation or obligations under this Privacy Policy, or (ii) third parties have unauthorized or unintended access to the personal data.

The Pavilions Group will keep you duly informed on any new developments in relation to a data breach. All notifications of data breaches by us to you will be made in writing. If time and circumstances do not permit a written notification, we may notify you through other means, provided that such notification is followed up by a written confirmation by us as soon as possible thereafter.

As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.


DIRECT MARKETING


With your explicit consent, we may send you information about The Pavilions Hotels, and restaurants and clubs operated by our group companies, including special offers on accommodation, food and beverage, spa and other hotel services by post or e-mail. It is however our intention to only send you mail and e-mail communications that you may want to receive. When you opt-in or do not opt-out from receiving promotional material either on a guest registration card or when you enrol via the Websites, or patronise our restaurants and provide your e-mail address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to The Pavilions Group, and restaurants and clubs operated by our group companies. We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations. Your personal data will not be shared with third parties for their own marketing purposes. 

We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by sending a letter or fax or email to our Data Protection Officer.

CHILDREN’S PRIVACY

The Websites are not intended for children and minors and the Pavilions Group does not knowingly solicit or collect personal data and information from children and minors. As a parent or legal guardian, please do not allow your children to submit their personal data to us without your permission.


OTHER SITES


The Pavilions Group is only responsible for this Privacy Policy and the content of the Websites. The Websites may contain links to other sites of third parties. We are not responsible for the data collection and use practices, privacy policy or the use of cookies on other websites from which you have accessed the Websites, or on non-Pavilions Group websites that you may access from the Websites. We advise you to review the privacy policies of such third parties before submitting your personal data and information.


COMPLAINTS

In the event that you wish to make a complaint about how your personal data and information is being processed by the Pavilions Group or its partners, you have the right to complain to the Supervisory Authority. You may contact our Data Protection Officer for information on how to lodge such a complaint.

DATA PROTECTION OFFICER

If after reviewing this Privacy Policy you have any questions or concerns or would like to exercise your rights as mentioned in this Privacy Policy, please contact our Data Protection Officer:


By EMAIL: [email protected]
By MAIL: Room 1601, 16th Floor, Wilson House, 19-27 Wyndham Street, Hong Kong


This Privacy Policy was last updated on 15th May 2018.
