1 Introduction
We use your
personal information in order to fulfil our commitment to providing an
unparalleled guest service experience in connection with all of your
interactions with Hyatt (the “Purpose”). As part of that undertaking, we
are committed to safeguarding the privacy of the personal information that we
gather.
As one of our
guests or someone else with whom we do business, you understand and agree that
we collect, use and disclose your personal information in accordance with this
Global Privacy Policy (this “Policy”).
2 The
Application of this Policy
This Policy
applies to personal information regarding guests and the other individuals with
whom we do business or who visit us and to the use of that personal information
in any form – whether oral, electronic or written.
This Policy gives
effect to our commitment to protect your personal information and has been
adopted by all of the separate and distinct legal entities that manage,
operate, franchise, license, own and/or provide services to the various Hyatt
hotels and resorts (including those branded "Hyatt®", "Hyatt Regency®", "Park
Hyatt®", "Grand Hyatt®", "Andaz®", "Hyatt Centric®", "Hyatt Place®", "Hyatt
House®", "Hyatt Ziva®" or "Hyatt Zilara®") or "Hyatt Residence Club®" properties around the world ("Hyatt Hotels & Resorts®"). Those
entities include Hyatt Hotels Corporation and its direct and indirect
subsidiaries, and all of the separate and distinct legal entities that own the
individual Hyatt hotels and resorts and Hyatt Residence Club properties
worldwide or provide services to you under a Hyatt brand. References to "Hyatt", "we" and "our" throughout this Policy, depending upon the
context, collectively refer to those separate and distinct legal entities.
While this Policy
is intended to describe the broadest range of our personal information
processing activities globally, those processing activities may be more limited
in some jurisdictions based on the restrictions of their laws. For example, the
laws of a particular country may limit the types of personal information we can
collect or the manner in which we process that personal information. In those
instances, we adjust our internal policies and/or practices to reflect the
requirements of local law.
If you are a
Hyatt associate, please see the Global Privacy Policy for Employees or your
applicable employer’s privacy policy, as this Policy does not apply to your
personal information, unless collected in your capacity as a guest.
3 Types of
Personal Information We Collect
The term “personal
information” in this Policy refers to information that does or is capable of
identifying you as an individual. The types of personal information that we
process (which may vary by jurisdiction based on applicable law) include:
Much of the
personal information we process is information that you or someone acting on
your behalf knowingly provides to us. However, in other instances, we process
personal information that we are able to infer about you based on other
information you provide to us or during our interactions with you, or personal
information about you that we receive from a third party. This Policy also
applies to the personal information about you that we receive from a third
party, unless specifically covered by such third party’s privacy policy.
There may be
instances in which the personal information that you provide to us or that we
collect is considered Sensitive Personal Information under the privacy laws of
some countries. Those laws define “Sensitive Personal Information” to
mean personal information from which we can determine or infer an individual’s
racial or ethnic origin, political opinions, religious beliefs or other beliefs
of a similar nature, membership in a trade union or professional association,
physical or mental health or condition, medical treatment, genetic data, sexual
life or judicial data (including information concerning the commission or
alleged commission of a criminal offence). In some very rare instances,
financial records may form part of Sensitive Personal Information where you are
located. We only process Sensitive Personal Information in your jurisdiction if
and to the extent permitted or required by applicable law.
When you agree to
this Policy you are, to the extent required under your local law, granting your
express and written consent to the processing of any personal information that
you provide to Hyatt that is considered to be Sensitive Personal Information or
financial information. Save to the extent required by law, you are not obliged
to provide Hyatt with any of your Sensitive Personal Information, and should
you chose not to, this will not prevent you from purchasing any products or
services from Hyatt.
4 How We Use
Personal Information
Subject to
applicable laws, we may collect, use and disclose relevant portions of your
personal information in order to:
Hyatt uses and
retains your personal information for as long as is necessary to fulfil the
Purpose.
5 Disclosures
of your Personal Information
From time to
time, we may disclose your personal information. We would always make that
disclosure in accordance with applicable law. In some jurisdictions, data
privacy laws may require us to obtain your consent before we transfer your
information from your originating country to other countries. When you agree to
this Policy, you are, to the extent required and permitted under your local
law, granting your consent to the transfer of your personal information to such
other countries for the Purpose and to the extent stated in this section and as
described in Section 4 above.
Circumstances
where we might make such disclosure (in addition to those described in Section
4 above) include:
5.1 Our
Agents, Service Providers and Suppliers
Like most
international hotel brands, we may outsource the processing of certain
functions and/or information to third parties. We may also engage market
research firms to assist us in contacting guests for the purpose of market
research and quality assurance. When we do outsource the processing of your
personal information to third parties or provide your personal information to
third-party service providers, we oblige those third parties to protect your
personal information in accordance with the terms and conditions of this
Policy, with appropriate security measures.
5.2 Consumer
Insights
Where we hold
personal information about you, we may disclose this personal information to
other companies that also hold information about you. These companies may
combine the information in order to better understand your preferences and
interests, thereby enabling them and us to serve you better. If your personal
information is used for direct marketing purposes, you have the right to object
to that by contacting us using the contact information provided under Section
12 below.
5.3 Credit
Authorization
When you request
credit, your personal information will be used and disclosed to appropriate
third parties in accordance with applicable laws for the purpose of determining
whether to grant and maintain a line of credit to you.
5.4 Business
Transfers
As we continue to
develop our business, we may sell hotels and other assets, or cease being the
manager or franchisor of a hotel that is currently part of our portfolio. In
those circumstances, we may include the personal information collected about
you, or control of that personal information, as a business asset in any such
transfer. Also, in the unlikely event that we, or substantially all of our
assets, are acquired, personal information collected about you, or control of
such information, may be one of the transferred assets.
5.5 E-Folio
Program
If you are an
employee or independent contractor of a company that participates in Hyatt’s
E-Folio Program, and you use the corporate credit card that is provided to you
by your employer (if you are an employee) or corporate client (if you are an
independent contractor) to pay for your hotel bill at a Hyatt property, then
you may benefit from Hyatt’s E-Folio Program.
Under the E-Folio
Program, an extract of your bill (including the dates of your stay, your credit
card details and amounts incurred at the Hyatt property including room charges
and all incidental charges including but not limited to food, beverage and
entertainment charges) will be transferred electronically by the Hyatt property
via Hyatt’s U.S.-based information system either to Hyatt or to a third-party
service provider located in the United States who acts on Hyatt’s behalf to
compile the extract and transfer it to:
The entities that
receive the extract of your bill may be located in the United States, which
does not have privacy laws that specifically address in detail all uses of
personal information in the same way as in other parts of the world (notably
Europe, Canada, Australia, South Africa and most of South America). In order to
ensure the protection of your personal information, its transfer to Hyatt’s U.S.-based
information system will be governed by our binding corporate rules (where they
apply to you). The third party service provider who acts on Hyatt’s behalf to
compile the extract will be subject to contractual provisions meeting the
requirements of Hyatt’s binding corporate rules.
Once the personal
information is transferred to the credit card network operator, credit card
issuer, your employer or corporate client and/or their respective
subcontractors, it is no longer subject to the protections described in this
Policy, but rather your own arrangements with your employer or corporate
client, the relevant credit card network operator and/or the relevant card
issuer.
5.6 Legal
Requirements
We reserve the
right to disclose any personal information we have concerning you if we are
compelled to do so by a court of law or lawfully requested to do so by a
governmental entity or if we determine it is necessary or desirable to comply
with the law or to protect or defend our rights or property in accordance with
applicable laws. We also reserve the right to retain personal information
collected and to process such personal information to comply with accounting
and tax rules and regulations and any specific record retention laws.
6 Centralized
Data Processing Activities
Like most
international businesses, we have centralized certain aspects of our data
processing activities in accordance with applicable laws, which, in many
instances, will result in the transfer of your personal information from one
country to another. For example, if you make a reservation and/or stay at one
of the Hyatt hotels or resorts outside of the United States, the personal
information gathered in that process will be transferred to and processed in
the United States, in accordance with Hyatt’s binding corporate rules (where
they apply to you). The jurisdictions where that information will be processed
may or may not have laws that seek to preserve the privacy of personal
information. Nevertheless, whenever your personal information is transferred
within the Hyatt companies, your personal information will be processed in
accordance with the terms and conditions of this Policy and applicable laws.
7 Information
We Collect When You Visit Us Online
If you access any
Hyatt website, you may wish to know the following:
7.1 You Can
Browse Without Revealing Who You Are
You can always
visit our websites without logging in or otherwise revealing who you are.
7.2 Usage
Information
When you visit
our websites, we collect information about how you use those websites. Examples
of such information include the Internet Protocol address automatically
assigned to your computer each time you browse the Internet, the date and time
of your visit, the pages you access and the amount of time you spend on each page,
the type of Internet browser you use, your device’s operating system and the
URL of any websites that you visited before and after visiting our website.
That information is not linked to you as an individual unless you create a user
profile, but we may keep records of the device being used.
7.3 Cookies
and Other Similar Technology
We use cookie
technology on our websites to allow us to evaluate and improve the
functionality of our websites. Cookies by themselves cannot be used to reveal
your identity. They identify your browser, but not you, to our servers when you
visit our websites. For information about how Hyatt uses cookies, visit
hyatt.com.
If you do not
want to accept cookies, you can block them by adjusting the settings on your
Internet browser. However, if you block them, you will not be able to use all
of the features of our websites, including the customization features
associated with creating a user profile.
Further
information about cookies and other similar technology and how they work is available
at allaboutcookies.org.
7.4 Social
Media
Our websites may
also contain plug-ins and other features that integrate third party social
media platforms into our websites. You will be able to activate them manually.
If you do so, the third parties who operate these platforms may be able to
identify you, they may be able to determine how you use this website and they
may link and store this information with your social media profile. Please
consult the data protection policies of these social media platforms to
understand what they will be doing with your personal data. If you activate
these plug-ins and other features, you will be doing so at your own risk.
7.5 Creating a
User Profile
You can create a
user profile on a Hyatt website to, among other things, facilitate your online
transactions, and to tailor your experience on our websites to your interests.
This allows us to make more appropriate recommendations to you. We may use the
information you provide in your user profile to populate other databases
maintained by us and our service providers, as applicable. By creating a user
profile, you are agreeing that we may use the personal information you provide
for these purposes.
You can view,
update or remove any personal information that you have provided to us for
inclusion in your user profile by amending your user profile online or emailing [email protected].
If you subsequently elect to remove your user profile, we reserve the right to
use any personal information previously provided by you for inclusion in your
user profile for record keeping and quality assurance purposes (unless we are
required by law to delete or cease to process or use your personal information).
Even if you choose not to create a user profile, you can still use our websites
to search for and purchase services.
7.6 Links to
Other Websites
If you visit a
Hyatt website and decide, for example, to purchase a gift certificate, make an
airline reservation, rent a car, submit award request forms or apply for a job
online, you may be seamlessly linked to websites maintained by third parties
with whom we have contracted to provide those services. If you click on a link
found on our websites or on any other website, you should always look at the
location bar within your browser to determine whether you have been linked to a
different website. This Policy, and our responsibility, is limited to our own
information collection practices. We are not responsible for, and cannot always
ensure, the information collection practices or privacy policies of other
websites maintained by third parties or our service providers where you submit
your personal information directly to such websites. In addition, we cannot ensure
the content of the websites maintained by these third parties or our service
providers, even if accessible using a link from our websites. We urge you to
read the privacy and security policies of any external websites before
providing any personal information while accessing those websites.
7.7 Security
Because the
security of your personal information is important to us, we use Secured Socket
Layer (“SSL”) software in order to encrypt the personal information that
you provide to us. If your browser is SSL enabled (which most are), your
transmission of personal information to us online will be encrypted. You can
verify whether your personal information is transmitted using SSL encryption by
confirming the symbol of a closed lock or solid key on the bottom bar of your
browser window. You can also verify that your personal information will be
encrypted using SSL encryption by making sure that the prefix for the web
address listed for that page has changed from “http” to “https”. If you do not
see the appropriate symbol and the “https” prefix, you should not assume that
the personal information that you are being asked to provide will be encrypted
prior to transmission.
The personal
information we collect from you online is stored by us and/or our service providers
on databases protected through a combination of physical and electronic access
controls, firewall technology and other reasonable security measures.
Nevertheless, such security measures cannot prevent all loss, misuse or
alteration of personal information and we are not responsible for any damages
or liabilities relating to any such incidents to the fullest extent permitted
by law. Where required under law, we will notify you of any such loss, misuse
or alteration of personal information that may affect you so that you can take
the appropriate actions for the due protection of your rights.
7.8 Minor
Children
Our websites do
not sell products or services for purchase by children and we do not knowingly
solicit or collect personal information from children. If you are under the age
of 18 (or a minor in the jurisdiction in which you are accessing our websites),
you may only use our websites with the involvement of a parent or guardian.
7.9 Targeted
Advertising
Where permitted
by law, we may work with other companies to show you advertisements we think
you may find relevant and useful. This may include advertisements displayed on
our own websites or apps, or advertisements from us displayed on other
companies' websites. The advertisements you see may be based on information
collected by us or third parties and/or may be based on your activities on our
websites or third-party websites.
8 Apps
When you download
or register to use one of our apps, you may submit personal information to us
such as your name, address, email address, phone number, date of birth,
username, password and other registration information, financial and credit
card information, personal description and/or image.
Further, when you
use our apps, we may collect certain information automatically, including
technical information related to your mobile device, your device’s unique
identifier, your mobile network information, the type of mobile browser you use
and information about the way you use the app.
Depending on the
particular app you use and only after you have agreed to such collection, we
may also collect information stored on your device, including contact
information, friends lists, login information (where necessary to allow us to
communicate with other apps at your request), photos, videos, location
information or other digital content. Further details of the kinds of
information we collect is set out in the privacy notice for each individual
app.
9 Choice
You may always
choose what personal information (if any) you wish to provide to us. However,
if you choose not to provide certain details, some of your experiences with us
may be affected (for example, we cannot take a reservation without a name).
If you provide us
with your contact details (e.g. postal address, email address, telephone number
or fax number), we may contact you to let you know about the products,
services, promotions and events offered that we think you may be interested in.
We may also share your personal information with carefully-selected third
parties, who may communicate directly with you. In some jurisdictions, data
privacy laws may require us to obtain a separate consent before we do so. You
can always choose whether or not to receive any or all of these communications
by contacting us as described in Section 12 below or following the
“unsubscribe” instructions contained in the communications.
If you have an
account with our frequent guest program (e.g. World of Hyatt®) we ask you
to indicate your communication preferences at the time you apply for membership
or when you create your user profile. We may also ask you to indicate how you
would like to receive any offers, marketing and promotional information (e.g.
via email or regular mail) and whether you would be willing to participate in
surveys. Once you have indicated your preferences, you can always change them.
In some
jurisdictions, in addition to you agreeing to this Policy, data privacy laws
may require us to obtain a separate consent before we send you information that
you have not specifically requested. In certain circumstances, your consent may
be implied (e.g. where communications are required in order to fulfil your
requests and/or where you have volunteered information for use by us). In other
cases, we may seek your consent expressly in accordance with applicable laws
(e.g. where the information collected is regarded to be Sensitive Personal
Information under local regulations).
We will abide by
any request from you not to send you direct marketing materials. When such a
request is received, your contact details will be “suppressed” rather than
deleted. This will ensure that your request is recorded and retained unless you
provide a later consent that overrides it.
10 Updating or
Accessing Your Personal Information
With some limited
exceptions, you have rights to access and update personal information held
about you. If you want to inquire about any personal information we may have
about you, you can do so by sending us a written request by letter or email to
the addresses set out in Section 12 below. Please be sure to include your full
name, address and telephone number and a copy of a document evidencing your
identity (such as an ID card or passport) so we can ascertain your identity and
whether we have any personal information regarding you, or in case we need to
contact you to obtain any additional information we may require to make that
determination.
We reserve the
right to charge you a fee, if permitted under applicable law, which is usually
around US$20 for processing any such request. Where you make more than one
request in quick succession, we may respond to your subsequent request by
referring to our earlier response and only identifying any items that have
changed materially.
You may request
that we correct, cancel, and/or stop processing or using personal information
that we hold about you. If we agree that the personal information is incorrect,
or that the processing should be stopped, we will delete or correct the
personal information. If we do not agree that the personal information is
incorrect we will tell you that we do not agree, explain our refusal to you and
record the fact that you consider that personal information to be incorrect in
the relevant file(s).
11 Changes to
this Policy
Just as our
business changes constantly, this Policy may also change. To assist you, this
Policy has an effective date set out at the end of this document.
12 Request for
Access to Personal Information/Questions or Complaints
If you have any
questions about this Policy, about the processing of your data described, or
any concerns or complaints with regard to the administration of the Policy, or
if you would like to submit a request (in the manner described in Section 10
above) for access to or deletion of the personal information that we maintain
about you, please contact us by any of the following means:
If you are not
satisfied with the response that you receive, you can escalate your concern to
the Chief Privacy Officer by sending an email to [email protected].
While this Policy
alone does not create contractual rights, Hyatt has ensured compliance with
some of its legal obligations in some countries in relation to personal
information by creating a set of binding standards and policies (known in some
countries as binding corporate rules), approved by a number of national privacy
regulators. As a result, depending on your circumstances and location, you may
be able to enforce your privacy rights using those standards or policies
through that regulator or a court. If you would like to know more about these
standards and policies, please contact Hyatt Hotels & Resorts at the
address above or the Chief Privacy Officer at the email address above.
All requests for
access to your personal information must be submitted in writing by letter or
email. We may respond to your request by letter, email, telephone or any other
suitable method.
Effective Date:
July 30, 2015
In the event of
any inconsistencies between the English version of this Policy and any version
of this Policy in any other language, the English version shall prevail (to the
fullest extent permitted under applicable law).