Privacy Privacy

PRIVACY

SHARE

THE PAVILIONS HOTELS & RESORTS LIMITED: PRIVACY POLICY
 

We Are Committed to Protecting Your Privacy 

The Pavilions Hotels & Resorts Limited, located at Room 1601, 16th Floor Wilson House, 19-27 Wyndham Street, Hong Kong and its group companies including but not limited to The Pavilions Hotels & Resorts, The Pavilions Residences, The First Roma Hotels, The Toren Hotel (“Pavilions Group”) (together referred to as “Pavilions Group”, “we”, “us”, “ours” or “ourselves” below), have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy. 

The processing of personal data of a data subject by the Pavilions Group shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Pavilions Group.  

To ensure you as data subject can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this privacy policy (“Privacy Policy”) (together with our terms of use and any other documents referred to on it) outlining the nature, scope, and purpose of the personal data Pavilions Group collect, use and process.  Furthermore, you, as data subject, are informed of the rights which you are entitled.  You must read to fully understand all data protection measures adopted by the Pavilions Group.  By using our websites (including https://www.pavilionshotels.com and https://www.pavilionsresidences.com) and/or using services provided by the Pavilions Group, you will be regarded as having accepted the terms of this Privacy Policy.

  
DEFINITIONS

In this Privacy Policy of Pavilions Group, we use, inter alia, the following terms:

Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The personal data which we may collect from you includes , among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information. 

Special categories of Personal Data

Special categories of personal data include information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information.  Any use of special categories of personal data shall be strictly controlled in accordance with this Privacy Policy.  The Pavilions Group will require your explicit consent before we process special categories of personal data unless we are required to do so by law.

Data Controller

‘Data Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.

Data Processor

‘Data Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interest, reliability, behavior, location or movements.

Consent

Consent of data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Business Purposes

The business purposes for which personal data may be used by the Pavilions Group:

(1) Personnel, administrative, financial, regulatory, payroll and business development purposes;

(2) Business purposes include the following:

(a) Compliance with our legal, regulatory and corporate governance obligations and good practice
(b) Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
(c) Ensuring business policies are adhered to (such as policies covering email and internet use)
(d) Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
(e) Investigating complaints 
(f) Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
(g) Monitoring staff conduct, disciplinary matters

Supervisory Authority

This is the national body responsible for data protection.  The supervisory authorities applicable to the Pavilions Group are as follows:-

Spain: Agencia Española de Protección de Datos (AEPD)
Netherlands: Personal Data Authority (PDA)
France: Commission nationale de l'informatique et des libertés (CNIL)
Italy: The Italian Date Protection Authority (Garante)


CHANGES TO THIS PRIVACY POLICY

This privacy policy was last updated on 15th May 2018. In the future, we may need to make additional changes. All additional changes will be included in the Privacy Policy published on the Websites, so that you will always understand our current practices with respect to the personal data we gather, how we might use your personal data and disclosures of that personal data to third parties. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of this Privacy Policy. Any changes to the Privacy Policy will become effective upon posting of the revised version on the Websites, and where appropriate, notified to you by e-mail.

This Privacy Policy contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the Privacy Policy by major processes and areas so that you can review the information of most interest to you.

 
DATA PROTECTION PRINCIPLES


The Pavilions Groups shall comply with the principles of data protection (“Principles”) enumerated in the EU GDPR.  We will make every effort possible in everything we do to comply with the Principles.  The Principles are:-

1. Lawful, fair and transparent

Personal data processing must be fair for a legal purpose and we must be open and transparent as to how the data will be used.

2. Purpose limitation

Personal data can only be processed for purposes which are specified, explicit and legitimate.

3. Data minimisation

Any personal data processed must be necessary, relevant and adequate in relation to the purposes.

4. Accuracy

The personal data we retain must be accurate and kept up to date and shall be erased or rectified without delay if it is inaccurate for the purpose of processing.

5. Storage limitation

The retention of personal data in a form for allowing identification of you as data subject should not be longer than necessary.

6. Integrity and confidentiality

We adopt appropriate security measures of the personal data to avoid unauthorized loss or disclosure.

7. Accountability

We as controllers must ensure we comply with the Principles and are able to to demonstrate the compliance. 


COLLECTION AND USE OF PERSONAL DATA 

LEGAL BASIS FOR PROCESSING 

When you request a particular service from us or otherwise interact with the Pavilions Group, we will be required to process your personal data that we need for the following purposes:-

1.    in the normal course of our business, to allow us to register you to use our services and to provide you with our services on the basis that processing is necessary in order to perform our contract with you to provide our services;
2.    to allow us to manage your reservation on the basis that processing is necessary in order to perform our contract with you to provide our services
3.    to validate your personal data so as to check the personal data we hold about you is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;
4.    to process and/or respond to your requests, submissions, comments and any transactions;
5.    to provide technical support and ensure the continued and smooth operation of the Websites;
6.    to comply with any legal obligations to which we are subject to, including but not limited to (i) facilitate the administration of the business purposes; (ii) prevent or investigate actual/suspected fraud, hacking, infringement, or other misconducts involving our services or the Websites;
7.    to protect your vital interests in situations of life or death, physical injury or significant health risk;
8.    to perform a task in the public interest or official capacity.  

BROWSING 

(1)    OUR WEBSITES

When you browse the Websites, the Websites collect series of general data and information which is stored in server log files.  Information collected may be (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches our website (so-called referrers); (4) the sub-websites; (5) the date and time of access to the website; (6) an Internet Protocol Address (IP Address); (7) the Internet Service Provider of the accessing system; and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.   We treat this information as personal data if identifiable person can be directly or indirectly identified by reference to log files.
When using these general data and information, the Pavilions Group does not draw any conclusions about you as data subject.  Rather, this information is needed to (1) deliver the content of our website correctly; (2) optimize the content of our website as well as its advertisement; (3) ensure the long term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.   Therefore, the Pavilions Group analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.  The anonymous data of the server log files are stored separately from personal data provided by you.

 
(2)    COOKIES

By using the Websites, you agree that we may automatically collect information through the use of “cookies”.  The Websites only use “cookie” technology as a tracking tool. Cookies do not retain your personal data and information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.
Cookies do not corrupt or damage your computer, programs, or computer files.
The purpose for which cookies -- other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request -- are used on the Websites is set forth in a banner appearing the first time you land on the Websites. By continuing to browse on the Websites, you consent to their use.
You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on the Websites. Procedures for managing your settings may differ depending on your browser. Please consult the instructions for your particular browser on how to do this. From commonly used browsers, please click the links below:
 
Microsoft Windows Explorer 
Google Chrome
Mozilla Firefox
Apple Safari

If you do not use any of the browsers listed above, choose the "Help" function, followed by "Cookies" to find out where your cookie folder is stored.

3rd Cookies providers used by The Pavilions Group - pavilionshotels.com

Affilired affilired.com https://www.affilired.com/en/privacy/
Cloudflare cloudflare.com https://www.cloudflare.com/privacypolicy/
Facebook  facebook.com https://www.facebook.com/policy/cookies/
Hotjar  hotjar.com https://www.hotjar.com/legal/policies/cookie-information
Google Analytics   https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
Google - Analytics and Double Click google.com https://policies.google.com/technologies/types
Just Uno justuno.com https://www.justuno.com/legal/cookies.html
Triptease triptease.io https://www.triptease.com/en/cookie-policy/
Sojern sojern.com https://www.sojern.com/privacy/product-privacy-policy/
Synxis synxis.com https://www.sabre.com/about/privacy/

 

Cookies properties - First Party by The Pavilions Group - pavilionshotels.com

Cookie Names From Usage Expiration Invoked by
currency .www.pavilionshotels.com Cookies to store currency preference to display the correct corresponding currency on offers 30 days The Pavilions
language .www.pavilionshotels.com Language preference 30 days The Pavilions
PHPSESSID www.pavilionshotels.com Preserves user session state across page requests. Session Only The Pavilions
cookieconsent_status www.pavilionshotels.com store user cookies consent status  1 Year The Pavilions
default www.pavilionshotels.com   Session Only The Pavilions

 

Cookies properties - First Party invoked by Third Party Service Provider

Cookie Names From Usage Expiration Invoked by
currency .www.pavilionshotels.com Cookies to store currency preference to display the correct corresponding currency on offers 30 days The Pavilions
language .www.pavilionshotels.com Language preference 30 days The Pavilions
PHPSESSID www.pavilionshotels.com Preserves user session state across page requests. Session Only The Pavilions
cookieconsent_status www.pavilionshotels.com store user cookies consent status  1 Year The Pavilions
default www.pavilionshotels.com   Session Only The Pavilions
XXXX .affilired.com This is used to monitor and track the sources and conversions. It is stored when you click on a publisher / affiliate link.  Where XXXX is our customer”s ID to Affilired. from 30 to 90 days Affilired
XXXX_TPV .affilired.com This is used to monitor and track impressions and conversions. It is stored when a banner is displayed.  Where XXXX is our customer”s ID to Affilired. From 2 to 7 days Affilired
4642 .affilired.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days days Affilired
4642_stat .affilired.com Identify users during a very short amount of time (1 minute), to avoid registering repeated clicks from the same computer 2 times. 60 seconds Affilired
ho_mob glopss.go2cloud.org This cookie contains a hash of your device/connection information. This hash is used for offer targeting. It may collect anonymous navigational data collection. 3 years Affilired
enc_aff_session_473 glopss.go2cloud.org This cookie may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days Affilired
ACD .affilired.com Identify users in a deterministic way across multiple devices 540 days Affilired
_afflrdmlc4642 Your domains It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days Affilired
wgc .webgains.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days Affilired
wgdc .webgains.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. session Affilired
wgs .webgains.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. session Affilired
270195.sol .webgains.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days Affilired
wgi .webgains.com It may collect anonymous navigational data collection, including the referer, as well as information about sales/transactions done on the website. 30 days Affilired
__cfduid .pavilionshotels.com   1 Year Cloudflare
_fbp .pavilionshotels.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 2 hours Facebook
_ga .pavilionshotels.com Google analytics tracking identification 2 years Google
_gat_UA-70745437-1 .pavilionshotels.com Google analytics throttle request 10 minutes Google
_gcl_au .pavilionshotels.com Google analytics statistic tracking   Google
_gid .pavilionshotels.com Google analytics tracking identification 24 hours Google
_hjIncludedInSample www.pavilionshotels.com Statistic analysis on user screen iteraction Session Only Hotjar 
_ju_dc .pavilionshotels.com This cookie contains a unique code that identifies the device for profile tracking purposes. 1 Year Just Uno
_ju_dn .pavilionshotels.com This cookie is used to disable Justuno when a Visitor has opted out of our tracking. It's also used to enable auto loading of Justuno if the user has opted into Justuno. 30 days Just Uno
_ju_pn .pavilionshotels.com This cookie is used to safeguard against multiple tabs/windows overwriting each other's profiles. 30 minutes Just Uno
_ju_v www.pavilionshotels.com This cookie is used to cache the Justuno version used for the website's account
 
30 minutes Just Uno
_ju_ui   This cookie is used to temporarily hold a userid hash for cross device tracking.
 
  Just Uno
gid sojern.com Info not provided / TBC 2 years Sojern
optimizelyEndUserId sojern.com Info not provided / TBC   Sojern
cid sojern.com Info not provided / TBC 2 years Sojern
apnid sojern.com Info not provided / TBC   Sojern
optimizelySegments sojern.com Info not provided / TBC   Sojern
optimizelyBuckets sojern.com Info not provided / TBC   Sojern
_ga sojern.com Info not provided / TBC 2 years Sojern
_mkto_trk sojern.com Info not provided / TBC   Sojern
tapid sojern.com Info not provided / TBC 1 day Sojern
dc-adv sojern.com Info not provided / TBC   Sojern
TapAd_TTD_SYNC tapad.com Info not provided / TBC   TapAd
TapAd_TS tapad.com Info not provided / TBC 1 day TapAd
TapAd_DID tapad.com Info not provided / TBC 1 day TapAd
ajs_anonymous_id triptease.io Info not provided / TBC   Triptease
ajs_group_id triptease.io Info not provided / TBC   Triptease
ajs_user_id triptease.io Info not provided / TBC   Triptease
amplitude_id_26e1e80ce459d7a7eb5c4cb80ec74e3ctriptease.io triptease.io Info not provided / TBC   Triptease
fs_intercom triptease.io Info not provided / TBC   Triptease
fs_uid triptease.io Info not provided / TBC   Triptease
intercom-id-wmafy8j5 triptease.io Info not provided / TBC   Triptease
mp_16be453cae9ce93af0e7e46cbfe47047_mixpanel triptease.io Info not provided / TBC   Triptease
route triptease.io Info not provided / TBC Session Only Triptease
triptease-identity-data www.pavilionshotels.com Data cookies invoked to identify unique users 12 hours Triptease
triptease-session-id triptease.io Session cookies invoked by Triptease 12 hours Triptease
triptease-user-id triptease.io Data cookies invoked to identify unique users 5 Years Triptease

 

The Pavilions Group and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology for the following purposes:-

●    Track customer response to the Pavilions Group advertisements and website content; 
●    Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor; 
●    Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and 
●    Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your personal data and information will not be collected apart from what you voluntarily provide us in your dealings with our group operations.


(4)    DEVICE IDENTIFIERS


When you access the Websites by or through a mobile device (including but not limited to smartphones or tablets), we use one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify its mobile device.
A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Websites. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Websites may not function properly if use or availability of device identifiers is impaired or disabled.


(5)    USER IDENTIFIERS


When you access the Websites, we use one or more “user identifiers.” User identifiers are small data files or similar data structure assigned to you that will be used to enable you to continue to use the Websites. A user identifier may convey information to us about how you browse and use the Websites. A user identifier may remain persistently on your device or computer, to help you log in faster and enhance your navigation through the Websites. Some features of the Websites may not function properly if use or availability of user identifiers is impaired or disabled.


(6)    LOCATION DATA


When you access the Websites by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Websites. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.


CONTACT POSSIBILITY VIA THE WEBSITES

The Websites contain information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes e-mail address and online enquiry form. When completing an enquiry form, we will request you to provide personal data and information including your name and email address. If you contact us by e-mail or via the enquiry form, the personal data transmitted by you are automatically stored.  You may also access the website of the Pavilions Group from a link in an email that we send to you or where you have created a profile under LOGIN and you log-in to your account on a voluntary basis. When creating a profile under LOGIN, we will request you to provide personal data and information including your name and email address.  Such personal data transmitted on a voluntary basis by you to us are stored for the purpose of processing or contacting you. There is no transfer of this personal data to third parties.


MAKING A RESERVATION AND CHECK-IN AT A HOTEL OF THE PAVILIONS GROUP  

If you would like to make a reservation at the front desk of one of the hotels/resorts/residences of the Pavilions Group, we will request for personal data including your name, address, telephone number, e-mail address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your e-mail address to send an e-mail confirmation of your booking and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel, the area and the weather. 

The personal data that you provide to us for making a reservation is made available to the applicable hotel/resort/residence of the Pavilions Group for the purpose of completing your reservation request. We may also need to collect personal data as required by local laws such as passport numbers, type of entry visa, and driver’s license.  Upon check-in, your personal data will be verified by our staff and you may be requested to indicate whether you wish to opt in and receive hotel promotional literature.


MAKING A RESERVATION THROUGH OUR HOTELS 

You can make a reservation by contacting a particular hotel/resort/residence of the Pavilions Group by phone, email or via the Websites. When making a reservation, you will be asked to provide personal data including  your name, address, telephone number, email address and method of payment, name(s) of additional guest(s),. If you choose to provide us with your e-mail address, a confirmation and a pre-arrival message of your reservation will be sent to you by e-mail.  We may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin and destination), room preferences and special requests, which you can provide on voluntary basis, to better prepare ourselves for your arrival and to serve you better before your departure.
You can access the Websites from a web-enabled mobile device to find a hotel and/or restaurants operated by the Pavilions Group. You can make a reservation from a web-enabled device. When you make a reservation, you will have to provide personal data including your name, e-mail address and credit card information for guarantee purposes.


DURING YOUR STAY AT A HOTEL
 
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, after obtaining your explicit consent, other stay specific information may be stored in the property management system at the particular hotel, such as your food and beverage preferences and other special requests for future reference by the Pavilions Group so as to get ourselves well prepared before your next arrival. 


CREATING AND UPDATING YOUR ONLINE ACCOUNT INFORMATION

For hotel related services, upon completing an online room reservation, you can set up, review or update your information online.


FOOD AND BEVERAGE OUTLET RESERVATIONS 

We collect your personal data including your name and phone number when you make a reservation at our food and beverage outlets. 


SPA RESERVATIONS 

We collect your personal data including your name, contact details, and where necessary, credit card information for payment purposes when you make a spa reservation. In addition, with your explicit consent, we may collect information relating to your health, allergies and treatment preferences before the spa treatment is commenced to ensure that your spa treatment is conducted under safe conditions. 

YOUR RIGHTS 

You as data subject have rights to your personal data which we must respect and comply with to the best of our ability.  We must ensure you can exercise your rights in the following ways:
(1)    Right of confirmation

You shall have the right to obtain from us the confirmation as to whether or not your personal data and information concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer or any of our staff. 
(2)    Right of access

You shall have the right to obtain from us free information about your personal data stored at any time and a copy of the same.  Furthermore, you are also entitled to access to the following information:
●    the purposes of the processing;
●    the categories of personal data concerned;
●    the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
●    where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
●    the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing;
●    the existence of the right to lodge a complaint with a supervisory authority;
●    where the personal data are not collected from you, any available information as to their source;
●    the existence of automated decision-making, including profiling as well as the significance and envisaged consequences of such processing for you.
Furthermore, you shall have a right to obtain information as to whether your personal data are transferred to a third country or to an international organization. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer. 
If you wish to avail yourself of this right of access, you may at any time contact our Data Protection Officer or any of our staff. 
(3)    Right to rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.  Taking into account the purposes of processing, you shall have the right to have incomplete personal data completed, including by means of of providing a supplementary statement. 
If you wish to exercise this right of rectification, you may, at any time, contact our Data Protection Officer or any of our staff.
(4)    Right to erasure

You shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
●    The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
●    You withdraw consent to which the processing is based and where there is no other legal ground for the processing;
●    You object to the processing and there are no overriding legitimate grounds for the processing pursuant to Article 21(1) of the GDPR 
●    You object to the processing for direct marketing purposes.
●    The personal data have been unlawfully processed.
●    The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
●    The personal data have been collected in relation to the offer of information society services to a child.

If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by the Pavilions Group, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff shall promptly ensure that the erasure request is complied with without undue delay.
(5)    Right of restriction of processing

You shall have the right to obtain from us restriction of processing where one of the following applies:
●    The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
●    The processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead.
●    We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
●    You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforesaid conditions is met, and you wish to request the restriction of the processing of personal data stored by the Pavilions Group, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff will arrange the restriction of the processing. 
(6)    Right to data portability

You shall have the right to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format.  You shall have the right to transmit those data to another controller without hindrance, where technically feasible and when doing so does not adversely affect the rights and freedom of others. 
In order to assert the right of data portability, you may at any time contact our Data Protection Officer or any of our staff.
(7)    Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you based on legitimate interest or performance of a public interest task. This also applies to profiling based on these grounds. 
If the Pavilions Group processes personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing.  This applies to profiling to the extent that it is related to such direct marketing.  If you object to the Pavilions Group to the processing for direct marketing purposes, the Pavilions Group will no longer process the personal data for these purposes. 
In order to exercise the right to object, you may directly contact our Data Protection Officer or any of our staff. In addition, you are free in the context of the use of information society services, and to use your right to object by automated means using technical specifications.
(8)    Right in relation to automated individual decision making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you as long as the decision (i) is not necessary for entering into, or the performance of, a contract between you as data subject and us as a data controller; or (ii) is not authorised by Union or Member State law to which the Pavilions Group is subject and which also lays down suitable measures to safeguard you rights and freedoms and legitimate interests, or (iii) is not based on your explicit consent. 
If the decision (i) is necessary for entering into, or the performance of, a contract between you as data subject and the Pavilions Group as a data controller, or (ii) it is based on your explicit consent, the Pavilions Group shall implement suitable measures to safeguard your rights and freedoms and and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision.
If you wish to exercise the rights concerning automated individual decision making, you may at any time directly contact our Data Protection Officer or any of our staff. 
(9)    Right to withdraw consent

You shall have the right to withdraw your consent to processing of your personal data at any time.  If you wish to exercise your right to withdraw your consent, you may at any time contact our Data Protection Officer or any of our staff.

DISCLOSURE TO THIRD PARTY

The Pavilions Group may engage third parties to assist in the provision of service by us to you and which may, as part of their role in delivering the service, process your personal data.  As part of using service provided by the Pavilions Group, you consent to us sharing your personal data with the following parties:-
●    agents, other service providers and third party partners who process and store personal data and information;
●    professional advisors;
●    law enforcement agencies;

In this respect agents, other service providers and third party partners who process and store personal data and information of the Pavilions Group are hereinafter referred to as ‘Subprocessors’.  The Pavilions Group maintains a list of all Subprocessors that may process your personal data. 

The Pavilions Group has concluded data processing agreements with all Subprocessors in which they are required to abide by substantially the same obligations as the Pavilions Group under this Privacy Policy.

Unless otherwise described elsewhere in this Privacy Policy, we do not disclose, sell or trade any to any of your personal data and information to third parties.

We may share personal data and information with Subprocessors such as the credit card processor working with us in connection with the operation of the Websites and/ or service provided by us to you and who need access to such personal data and information t