DATA PRIVACY & SECURITY POLICY
Effective Date: 1 July, 2011
Last Updated: 13 March, 2022
- 1 Personal Data we collect
- 2 How we use Personal Data
- 3 How we share Personal Data
- 4 How we transmit, protect and store Personal Data
- 5 Your rights
- 6 Contacting us
- 7 Cookies
- 9 Other sites
- Annex I: Local Specific Provisions - for residents in California and Nevada
- Annex II: Local Specific Provisions - for individuals in China
1. Personal Data we collect
We may collect and process the following Personal Data about you.
- (a) Personal information about you ► personal information that you provide to us, or that we obtain from public channels, including your name, language preference, telephone number, email address and (residential and/or delivery) address and records of your trading history with us;
- (b) Registration information of accounts with us ► username and password that you provide to us for registering an account of “My Peninsula”, “Peninsula Perfect Companion” or “Mobile PenKey Concierge”;
- (c) Your payment information ► your payment information such as your credit card information (including credit card number, code and expiry date) and your bank account details;
- (d) Our correspondence ► if you contact us, via email, telephone or other means of communication, for any purpose (e.g., making enquiries to us before or after a transaction with us), we may keep the correspondence in record;
- (e) Social media account information ► depending on your interactions with various social media platforms linked to us or with which we engage, we may process your profile names, account ID, photographs, posts, etc. that are publicly available;
- (f) CCTV images and recordings ► to ensure the security of our properties, we may have close circuit television systems installed which will take visual and/or aural recordings where appropriate and relevant, and we may keep recordings as permitted by applicable laws;
- (g) Survey information ► we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey;
- (h) Your use of our website and mobile applications ► details of your visits to our website, mobile application and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access;
- (i) Do-not-track ► Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (DNT) mechanisms, we do not respond to web browser-based DNT signals at this time.
For our hotel related services only (e.g., when you make a hotel or spa reservation, purchase a gift certificate from us, or enjoy customized concierge services to be provided via Mobile PenKey Concierge)
- (j) Your travel details and preferences ► we may collect information such as your travel details (including flight number, arrival and departure dates and time, country/region of origin and destination), your frequent flyer information, your travel partner’s information (including accompanying family members, partners or friends), employment information (applicable to group reservation), preferences for room, food and beverages and treatment, internet access, and services (including important dates or anniversaries). We may also need collect information as required by local laws such as the number of identity card or passport, type of entry visa, driver’s license, date and place of birth, gender, title, nationality, etc.;
- (k) Your transactions with us ► we collect your itemized spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room.
- (l) Your requests for customized concierge services ► we may collect your information via Mobile PenKey Concierge to provide customised services according to your requests, such as your drivers’ license number for renting a car for you and other information to provide lifestyle experiences and sourcing services for goods, foods, entertainments, etc., to you.
For non-hotel related services only (e.g., residential and commercial leasing, and operation of residential clubs and provision of food and beverages, banquet and transport services)
- (m) Your requests for related services ► we may collect certain information to satisfy your requests for related services: license plate number (applicable to residential and commercial leasing), co-habitant or visitor (applicable to residential leasing), food and beverages preferences and requests (applicable to provision of food and beverages services), itinerary and activity arrangement (applicable to provision of banquet or transport services), etc.
- (n) Your transactions with us ► we may collect information such as details of identity card and passport and particulars of tenancy, employment and club membership.
- For communication with shareholders, investors, potential investors and analysts and for verifying shareholders’ identity only (e.g., sharing with you our financial information, announcements and press release and inviting you to our presentations and/or to exercise your shareholder’s rights)
- (o) Your requests for related information and exercising shareholders’ rights ► we may collect and store certain information if you submit to us voluntarily: your full name, email address and addresses, percentage of share and vote, phone number, employer and other Personal Data strictly in connection with the investment and, if appropriate, copy of your identification document, for us to communicate with you and/or to verify your identity as our shareholder. We also use any Personal Data that the Hong Kong Share Registrar of The Hongkong and Shanghai Hotels, Limited (currently, Computershare Hong Kong Investor Services Limited) already hold about you.
We do not collect Personal Data when you apply for a Peninsula/American Express credit card. If you apply for a Peninsula/American Express credit card, you will be required to provide certain personal information as part of the credit card application process. We do not collect any of your personal information supplied to the card issuer in this process. You can refer to American Express’ privacy statement posted on their website to understand how the information you supply will be used. American Express is the issuer of the credit card, and all terms and conditions of being a cardholder are dictated by American Express.
There are several ways by which we may collect your Personal Data from you: (i) we may collect your Personal Data from you directly by engaging with you, for example, when you make a direct booking on our website, or when you book or purchase our service or product in-person; and (ii) we may also collect Personal Data from third parties including agents and online service providers that make hotel, spa or restaurant reservations on your behalf, facilitate online payments or gift purchases or that are otherwise involved in the reservations process or delivering our services to you; finally, (iii) we may also collect Personal Data from you through your activity on social media platforms that link to us such as Facebook fan pages or WeChat Official Account, or when you share content, photographs or follow us. Please note that these social media platforms will have their own privacy policies and procedures governing the processing of your Personal Data.
Special Categories of Personal Data
Under certain circumstances, the Personal Data that you provide, or we collect, may be deemed as a “Special Category of Personal Data” in accordance with the privacy laws and regulations in some countries/regions. Leakage or illegal use of the Special Categories of Personal Data may cause harm or detriment to your reputation, health, body, or property. Special Categories of Personal Data are a subset of Personal Data, including but not limited to, information relating to your health, political opinions, religious beliefs, ethnicity and race, special identity, whereabouts, financial account, sex life, trade union membership and (under certain circumstance) Personal Data related to criminal records, as well as Personal Data of any children at or under the age of 14.
As a general rule, we do not process the Special Categories of Personal Data. However, under certain circumstances, we may process the Special Categories of Personal Data, such as health/medical information in order to handle accidents, medical service needs and/or claims according to the Section 2.1(h) below. Where we process the Special Categories of Personal Data to handle the foregoing incidents, we do so to protect the vital interests of you or other people. Where we process the Special Categories of Personal Data to handle claims, we do so for establishing, exercising or defending legal claims or whenever courts are acting in their jurisdiction.
In addition to the Section 1.6 above, we may process the Special Categories of Personal Data only for special purpose and under necessary circumstances where you have provided them to us, including health/medical information (e.g., allergies, physical challenges, dietary requirements) so that we can provide our services (e.g., spa treatments and food & beverage) safely to you, and will take strict protective measures in accordance with applicable laws.
According to the applicable laws, we will only collect, process, or disclose the Special Categories of Personal Data as set out in the Section 1.7 above where we have obtained your explicit consents and are required to do so. Where you are providing any Special Category of Personal Data of your travel companion, you acknowledge that you have procured their consent for us to collect, process, and disclose their Personal Data.
2. How we use Personal Data
- (a) To administer your reservations ► to process your reservation requests, which may be made via our website, mobile application, our Global Customer Service Centre (GCSC) or our third-party service providers’ website and to confirm your booking. We may send a confirmation of your booking via email, SMS, or other means and a pre-arrival message summarizing your reservation details, preferences and information about the hotel, the surroundings, and the weather in the case of room reservations. Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you).
- (b) To provide you with services ► to provide and charge for (i) hotel related services, including but not limited to accommodation, food and beverages and spa treatment, and to facilitate any special requests or assistance that you have asked for, and (ii) non-hotel
services including residential club, banquet events, commercial and residential
leasing, concierge and transport services and
information as per request of shareholders, investors and analysts.”
Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you).
- (c) To complete your purchase ► to complete your orders when you purchase a Peninsula gift certificate, pre-paid card or merchandise Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services and products to you).
- (d) To customize our services and products to you ► to assure your future comfort and attention to your individual needs, we collect and store specific information about you, such as your food and beverages preferences and other special requests. For example, if you are a repeat guest of our hotels or restaurants or have filled out our food and beverages questionnaire, we may store your Personal Data in our system to serve you better upon your return.
Use justification: consent (which can be withdrawn at any time please see section 5.2(e) below), legitimate interests (to allow us to provide customized services and products to you).
- (e) To provide marketing materials to you ► to provide you with updates, offers, and subscriptions where you have chosen to receive these, or connected with us via social media platforms, such as WeChat. With your consent, we may send you information about The Peninsula Hotels, the Peak Tram, and restaurants and residential clubs operated by our group companies, including news, offers and promotions about our hotels and arcades, food and beverages, spa, merchandise, branded residences, touristic services and special events by us or our arcade partners via different channels of communications such as by post, email, telephone, or SMS. You may also see these offers, promotions, and information on social media platforms through which you have connected with us. Please note that this is subject to the terms and conditions of use of the relevant social media platform. We will send you communications that you want to receive and via the method you select. When you opt-in to receiving promotional material either on a guest registration card or when you register an account of “My Peninsula” or “Peninsula Perfect Companion”, patronise our restaurants, sign up on our websites, or communicate with us in other occasions online and offline and provide your details to us specifically and expressly in order to receive marketing communications specified above, we will periodically contact you via your preferred channel(s). We typically use third party email service providers to send emails. These service providers are contractually prohibited from using your email address for any purpose other than to send emails related to the HSH Group operations and any organised special events. Your Personal Data will not be shared with third parties for their own marketing purposes. You may unsubscribe from all marketing communications at any time you want. Every time you receive an email, you will be provided with the choice to opt-out of future emails by following the instructions provided in the email. You may also opt-out of receiving promotional materials at any time by updating your “My Peninsula” or “Peninsula Perfect Companion” account or contacting us as set out in the Section 6 below and relevant annexes.
Use justification: consent (which can be withdrawn at any time - please see section 5.2(e) below);
- (f) For analytics and profiling ► to tailor our marketing communication to you. In connection with our marketing activities, we analyze information that we collect about customers to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. To do this for hotel-related services, we combine Personal Data that we have collected about a customer from a Peninsula Hotel with Personal Data that we have collected from the same customer from another Peninsula Hotel. Such Personal Data include customer behavioral information such as transaction history, spending pattern, preferences, service requests and interactions with us. From time to time, we will assess the Personal Data that we hold about you, where can also help us avoid sending you offers that are inappropriate or unlikely to be of interest to you. You have the right and may exercise it at any time to opt-out of such analysis of your Personal Data by contacting us as set out in the Section 6 below and relevant annexes.
Use justification: consent (which can be withdrawn at any time - please see section 5.2(e) below), legitimate interests (to enable us to tailor our marketing communication to you).
- (g) To comply with our legal obligations and defend our legal rights ► to comply with our legal obligations such as financial reporting requirements imposed by our auditors and government authorities, to safeguard our legal rights including (without limitation) in relation to the defense of any claims, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with proceedings or investigations anywhere in the world where we are compelled to do so.
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);
- (h) To handle accidents and medical service requests and process any claims we receive ► to handle any accidents (such as liaising with emergency services) and medical service requests, and to handle any claims made by customers such as personal injury claims. Please note that this may also require to process the Special Categories of Personal Data – please see section 1.6 for further information about this.
Use justification: vital interest (in relation to the Special Categories of Personal Data), legal claims, legitimate interests (to ensure that incidents and accidents will be handled appropriately and to allow us to assist our customers);
- (i) To improve our services and products ► to assist in developing new services and products and to improve our existing services and products.
Use justification: consent (which can be withdrawn at any time - please see section 5.2(e) below), legitimate interests (to allow us to continuously improve and develop our services);
- (j) To ensure our website and mobile application function correctly ► to ensure that content from our website and mobile applications is presented in the most effective manner for you and for your computer.
Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on the Website); and
- (k) In connection with any reorganization of our business ► to analyze, or enable the analysis of, any proposed sale or reorganization of our business.
Use justification: contract performance, legitimate interests (to allow us to continue providing services to you).
Applicable to hotel-related services only.
- (l) To register you as a user ► to create your My Peninsula account. You can create, review, or update your information in My Peninsula account (including your Personal Data) online upon completing an online room reservation.
Use justification: consent (which can be withdrawn at any time - please see section 5.2(e) below), legitimate interests (to allow us to register a user account for you).
Applicable to hotel-related and non-hotel related services
- (m) To enjoy digitalized intelligent customer services ► to join the program of “Peninsula Perfect Companion” to enjoy our digitalized intelligent customer services. You can create, review, or update your information in the mini program “Peninsula Perfect Companion / 半岛臻伴” (including your Personal Data and preferences) on WeChat.
Use justification: consent (which can be withdrawn at any time- please see section 5.2(e) below), contract performance, legitimate interests (to allow us to register a user account for you).
- (n) To enjoy exclusive concierge services ► to enroll in the program of “Mobile PenKey Concierge” to enjoy exclusive lifestyle services provided by us. You can create, review, or update your information in “Mobile PenKey Concierge” (including your Personal Data and preferences).
Use justification: consent (which can be withdrawn at any time - please see section 5.2(e) below), contract performance, legitimate interests (to allow us to register a user account for you).
- (o) To provide investment-related services to you ► to notify you from time to time of the
release dates of the company’s financial information and/or to send you email alerts
about the links to company announcements, company press releases, invitation to
company investor presentations or media briefings via webcasts or other live streaming
of digital meeting formats and/or other information which investors may find relevant.
Use justification: consent (which can be withdrawn at any time -please see section 5.2(e) below), legitimate interests (to enable us to perform our obligations and provide services to you).
Applicable to communication with shareholders, investors, potential investors and analysts only
We may combine information that we have collected offline with information we collect online. We combine information across devices, such as computers and mobile devices. We may also combine information we receive from a third party with information we already have.
3. How we share Personal Data
We may share your Personal Data with the following parties.
Use justification: contract performance, legitimate interests (to allow us to effectively provide services to you and conduct operation and management).
- (b) Third party service providers who process Personal Data on our behalf to help us undertake the activities described in the Section 2 ► We may permit selected third parties such as service providers, agents, contractors, entities which may be the hotel owner, and other HSH Group companies to use your Personal Data for the purposes set out in the Section 2, including:
I. Specialized agents helping us to provide advertisements and promotional campaigns and events and analyse their effectiveness, to manage your communications and questions to us, to maintain the relationship with you, to provide personalized services for you, and to send marketing communications to you with your consent in advance;
II. Third party vendors helping us to deliver products to you, such as post offices and couriers;
III. Payment service providers and credit reporters helping us to assess your credit score, to verify your information (if and when this is required for signing certain contracts) and to process your online payment;
IV. Third party vendors helping us to provide customer or concierge services and customer care;
V. Travel agencies, firms or companies helping us to provide training, seminars, banquets, events, personalized experience services;
VI. Consulting firms helping us to manage client relationship and to provide reports and analysis of market research and customer surveys.
Use justification: contract performance, legitimate interests (to allow us to effectively provide services to you and to run and manage our business).
- (c) Law enforcement agencies, government authorities, regulators, and the court to comply with our legal obligations or to handle incidents/ claims ► We may disclose your Personal Data when required by relevant laws or by court order or requested by other government or law enforcement authorities to assist with proceedings or investigations. Where permitted, we will direct any such request to you or notify you before responding unless doing so would prejudice the prevention or detection of an actual or suspected crime. This also applies when we have reason to believe that disclosing the Personal Data is necessary to obtain legal advice and/or to identify, investigate, protect, contact, or bring legal action against someone who may intentionally or unintentionally cause interference with or damage to our guests, visitors, associates, properties, or others.
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities); and
- Use justification: contract performance, legitimate interests (to allow us to run and manage our business).
Use Justifications :
- These are the principal legal grounds that justify our use of your Personal Data:
Consent: where you have consented to our use of your Personal Data (we will obtain your oral or written consent in relation to any such use).
Contract performance: where your Personal Data is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your Personal Data to comply with our legal obligations.
Legitimate interests: to the extent permitted by applicable laws and regulations, where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person, e.g., where you require urgent assistance.
These are the principal legal grounds that justify our use of your Special Categories of Personal Data:
- Explicit consent: You have given your explicit consent for us to process those Personal Data for one or more specified purposes. In some cases, in accordance with applicable laws, we will also seek your separate consent. You are free to withdraw your consent by contacting us. Where you do so, we may be unable to provide a service that requires the use of such data.
Protection of vital interests of you or other people, where you are unable to give us consent: processing is necessary to protect the vital interests of you or of another natural person where you are physically or are legally incapable of giving consent.
4. How we transmit, protect and store Personal Data
Security of communications
It is important to note that transmitting information over security system or the internet cannot be guaranteed to be one hundred percent secure. There is a risk inherent in the submission of information online and the use of email and facsimile. Please be aware of this when requesting information or sending forms to us online or by email or facsimile, for example, from the “Contacting us” section. We recommend that you do not include any sensitive information including credit card details when submitting information online, using email, facsimile or when using any public computers/public WIFI.
- Security controls
We take commercially reasonable administrative, technical, and physical safeguards designed to protect the Personal Data that we possess against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Despite such efforts, however, please note that no company can fully eliminate risks or guarantee complete security of Personal Data. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your information. While we strive to put in place appropriate contractual protections, we are unable to guarantee the security of Personal Data hosted on databases run by third parties, and we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.
We store certain customer information and reservation details in our Customer Information System and Reservation System on our subcontractor’s secure servers. Our server resides behind various measures such as firewalls, authentication, access control, integrity protection, encryption and anti-virus tools designed to protect Personal Data collected from you against unauthorized or accidental access. Because laws applicable to personal information vary by country, our hotels or other business operations will put in place additional measures that may be different depending on the applicable legal and regulatory requirements.
Personal Data transmission across international borders
*Currently, guest data may be transferred to our headquarters in Hong Kong as well as other countries or regions where we are present, including mainland China, Japan, Vietnam, United Kingdom, United States of America, Thailand, Turkey, the Philippines, and France. We also use third party service providers in countries such as United States of America and Australia to process mailing, certain online bookings, and purchases of gift cards.
Special information for EU residents: your Personal Data may be accessed by staff or suppliers, transferred, and/or stored outside the European Economic Area (EEA) including to countries which may have a lower level of data protection than under EU data protection laws. We must comply with specific rules when we transfer Personal Data from inside the EEA to outside the EEA. When we do this, we will use appropriate safeguards to protect any Personal Data being transferred. Where required, we will transfer your Personal Data subject to European Commission approved contractual terms that impose different data protection obligations directly on the recipient. Please contact us as set out in the Section 6 below if you would like to see a copy of the specific safeguards we apply to the export of your Personal Data; these may be redacted to protect commercially sensitive or confidential information.
Your Personal Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information (e.g., certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such data). Hence, if information is used for two purposes, we will retain it until the purpose with the latest period expires, but we will stop using it for the purpose with a shorter period once that period expires.
Our retention periods are based on business needs and on the applicable statutory requirements.
5. Your rights
- Opt-out of marketing
You have the right to ask us not to process your Personal Data for marketing purposes at any time. You can exercise your right by checking certain boxes online or on the data collection forms, by talking to us in person, or by contacting us via the manner as set out in the Section 6 below and relevant annexes. If you opt out of receiving our marketing messages, where permitted by the applicable laws, you may continue to receive other messages from us as required by the relationship between you and us.
Subject to various exceptions and applicable data protection laws in your country, you may enjoy the following rights and exercise them by contacting us via the manners as set out in the Section 6 below and relevant annexes:
(a) Access: you can ask us to provide you with further details on the use we make of your Personal Data and a copy of the Personal Data we hold about you;
(b) Correction: you can ask us to correct any inaccuracies in the Personal Data we hold about you;
(c) Complaint: if you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you may have the right to complain to the data protection authority in your country;
(d) Erasure: you can ask us to delete your Personal Data if we no longer have a lawful ground for use, unless other requirements specified by applicable laws and regulations;
(e) Withdrawal of consent: where processing is based on consent (e.g., marketing, or certain uses of the Special Categories of Personal Data), you can withdraw your consent to our processing, and we will stop that particular processing;
(f) Object to processing: you have the right to object to other types of processing (e.g., analytics and profiling activities carried out in relation to your Personal Data), unless our reasons for such processing outweigh any prejudice to your data protection rights;
(g) Restriction: you can restrict how we use your Personal Data pending any investigation, e.g., whilst we are verifying the accuracy of your Personal Data or where we are verifying the grounds that we use as the basis of holding your Personal Data;
(h) Portability: where technically feasible and permitted by applicable laws, you have the right to ask us to export the Personal Data that you have provided to us to a third party in a structured, commonly used and machine-readable form.
(i) Cancellation of your account: you have the right to cancel your account with us. Please note that you cannot use all or part of the functions and services after account cancellation. We will delete your Personal Data within a reasonable time limit;
(j) Refusal of automated decision: for providing you with personalized contents and customized advertising recommendations, we may process the Personal Data that we collect through big data analysis, algorithms, and other inartificial automated decision-making technologies to make decisions (such as corporate sales and marketing information). Should you do not wish us to use such technologies or to process your Personal Data in such ways, or you have any question about the results of automated decision and believe that the results of automated decision are wrong causing adverse effects on you during the course of processing, or you intend to close the display of personalized contents, you may contact us via the manners as set out in the Section 6 below and relevant annexes, and we will provide you with the way to close it or other appropriate reliefs.
We will use reasonable endeavors to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to your Personal Data that you have provided to us by updating your details in your account in “My Peninsula”, “Peninsula Perfect Companion” or “Mobile PenKey Concierge” by contacting us via the manners as set out in the Section 6 below and relevant annexes.
Inform of security events: in case of any rare data security event, we will inform you of the disclosure of your Personal Data in accordance with the relevant laws and regulations.
6. Contacting UsThe Hongkong and Shanghai Hotels,
LimitedAttention: Executive Office / HSH Management Services Limited Email: firstname.lastname@example.org
9. Other sites
The website or mobile application may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you provide any personal information to such third-party websites.
Annex I: Local Specific Provisions – for residents in California and NevadaIf you are a California resident, you have the right to ask us what information we have collected, used, disclosed, and sold about you in the preceding 12 months. You also have the right to request us to delete the Personal Data we have collected from you. Please contact us via one of the toll-free numbers listed below or email us at email@example.com to exercise your rights. We will verify your request by matching information you provide to us with information we already have about you. We will not discriminate against you because you have exercised any of your rights under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). You can designate someone else to make a request by having them execute a notarized power of attorney to act on your behalf. We will maintain a record of your CCPA and CPRA rights requests.
- Under California law we are required to tell California residents if we “sell” information as that term is defined by applicable law (i.e., sharing the Personal Data with a third party for monetary or other valuable consideration). We confirm to California residents that we do not do this based on our understanding of that term. We also do not have actual knowledge that we sell the Personal Data of Minors under the age of 16.
(b) The Peninsula Chicago: +1 866 288 8889
(c) The Peninsula New York: +1 800 262 9467
(d) Quail Lodge & Golf Club: +1 866 675 1101
1. To whom we share Personal Data
2. Software Development Kits (SDK) Provided by Third Parties
|Gift platform API||Support users to shop on e-commerce platforms||Information of orders and addressees, user’s name and email address||Techsembly Pte. Ltd||https://www.techsembly.com/privacy-policy|
|Spa Booking Engine||Support users to reserve spa service||Name, email address and phone number||CPS Graphics, Inc. dba Tambourine||https://www.tambourine.com/privacy-policy|
|Revinate API||User information management||Name and email||Revinate, Inc.||https://www.revinate.com/privacy/|
|Splio||Order management||Name, birthday, mobile phone number, WeChat ID, region||Shanghai Splio Information Consulting Co., Ltd.||https://splio.com/zh/data-protection-zh/|
|WeChat Order Management||Support users to reserve rooms||Name, birthday, mobile phone number, WeChat ID, stay period||Beijing Shiji Information Technology Co., Ltd.||https://www.shijigroup.com/legal/terms-and-conditions|
|WeChat Content Management and Customer Relationship Management||Data management and statistical analysis||User’s WeChat ID and nickname, pages and contents visited, and duration of visit||Shanghai JINGdigital Co., Ltd.||https://www.jingdigital.com/%E9%9A%90%E7%A7%81%E6%94%BF%E7%AD%96|
3. Personal Data transmission across international borders
In principle, the Personal Data that are generated or collected by us in China will be stored in China as well. To process your reservation and payment and to provide with you our relevant services, we may need to transfer your Personal Data outside of China. Data protection laws in these countries or regions may be different from those in China and the level of protection to your Personal Data may vary accordingly.
If your Personal Data is transferred overseas, we will take appropriate protective measures as required by the laws and regulations in China, including carrying out personal data protection impact assessment, and as the case may be completing certification by the competent authorities, security assessment by qualified third-party institutes, or signing the standard contractual clauses issued by the Cyberspace Administration of China with overseas recipients.
4. Special protection of Minors’ Personal Data
5. Contacting Us
Global Data Privacy Team
The Hongkong and Shanghai Hotels, Limited
8/F St George’s Building
2 Ice House Street
Central, Hong Kong SAR
Phone: +852 2926 2888
Fax: +852 2732 2933
- Data Protection Officer in China Mainland
The Palace Hotel Ltd.
8 Goldfish Lane, Wangfujing, Beijing
The Peninsula Beijing
Phone: +86 10 8516 2888
- The Peninsula Shanghai Waitan Hotel Company Limited
No. 32, The Bund 32 Zhongshan Dong Yi Road, Shanghai
The Peninsula Shanghai
Phone: +86 21 2327 2888