PERSONAL INFORMATION COLLECTION STATEMENT
Dorsett Hospitality International Limited, headquartered in Hong Kong, its parent, subsidiaries and affiliates, and their hotels (collectively referred to as "Dorsett", "we", "our" or "us") have created this statement to demonstrate our firm commitment to protect your privacy and to provide you with information in relation to the personal data Dorsett may collect from you as required by local laws and regulations and those of other applicable laws and regulations in the different jurisdictions that Dorsett may collect, use or transfer your personal data.
Dorsett may collect your personal data from time to time in its dealing with you, for example, when you complete forms and questionnaires or make enquiries in connection with the provision of products, services, activities or facilities by Dorsett at your request; register with Dorsett through our websites or other third party accounts; or enroll in the Dorsett loyalty program.
Depending on the purpose of the collection, the personal data Dorsett may collect from you includes but is not limited to your name, address, contact numbers, and email address. Personal data may also relate to other persons relevant to the information, products, services, activities or facilities you have requested. The provision of personal data or any information is voluntary and we may not use your personal data unless with your consent. However, if you do not provide the mandatory data required, we may not be able to process your enquiries or requests or provide you with the requested products, services, activities or facilities.
When using our services or participating in our events and activities, there are chances that you may, and by submitting this form, unconditionally agree to be photographed by our staff or other participants or guests.
Use of Personal Data
We may use your personal data collected by us for one or more of the following purposes from time to time: providing and processing your requests, reservations or bookings for our products, services, activities or facilities; providing you with access to all parts of our websites; direct marketing of products, services, activities or facilities by Dorsett and our related entities or business partners (you may elect to opt out from receiving any marketing materials - see below); conducting market research, surveys and analysis; processing your application for, and managing, operating and maintaining, membership of the Dorsett loyalty program; providing you with information on the activities and benefits of it; billing and debt collection; dealing with your suggestions, enquiries or complaints; communicating with you generally; preventing, detecting or investigating suspicious or illegal activities; and meeting legal and regulatory requirements and/or making disclosure when required by any law, court order, direction, code or guideline applicable in or outside Hong Kong.
Transfer of Personal Data
Your personal data held by Dorsett will be kept confidential. Except with your prior consent or as required by law, we will not transfer or disclose your personal data to any third party except to our subsidiaries, associated companies and/or business associations; our service providers, data processors or advisors in connection with our operations and our provision of your requested products, services, activities or facilities; and those as required by any applicable laws, rules or regulations, subject to a duty of confidentiality.
We endeavour to deal only with responsible third parties but as we have no control over the acts of such third parties for example the data processors, the privacy protection stated in this statement ceases to apply to any information which is disclosed to such third parties in accordance with this statement and we assume no responsibility for the privacy protection provided by such third parties.
If you wish to exercise any such right, please contact our Director of Loyalty Marketing at Loyalty.firstname.lastname@example.org or by post to “18/F., Far East Consortium Building, 121 Des Voeux Road Central, Hong Kong”. If you are in the EU, our postal address is “Ground Floor, 12 Stanhope Gate, London, England W1K 1AW”.
We have categorised this Statement and Policy by major processes and areas so that you can review the information of most interest to you:
Please read this Statement and Policy carefully before submitting any Personal Data to us. If, after reviewing this Statement and Policy you have any privacy questions or concerns or would like to exercise your rights under this Statement and Policy, please send your request and/or question in writing to our Director of Marketing at email@example.com or by post to the following address:
Dorsett Hospitality International
18/F., Far East Consortium Building
121 Des Voeux Road Central
Central, Hong Kong
If you are in the EU, our postal address is:
Dorsett Hospitality International
Ground Floor, 12 Stanhope Gate,
London, England W1K 1AW
Please allow us 30 days to process your request.
Except for direct marketing, use of our websites, namely www.dorsett.com, www.dorsetthotels.com, www.dcollection.com, www.silkahotels.com (collectively, “Websites”), signifies your consent to this Statement and Policy, including the collection and use of your Personal Data as described in this Statement and Policy. We reserve the right to change, modify or amend this Statement and Policy from time to time. Any changes will be included in the latest Statement and Policy published on our Websites so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclose that information to third parties. You will know when this Statement and Policy was last updated by looking at the date at the top of this Statement and Policy. Any changes to this Statement and Policy will become effective upon its posting on our Websites. Continued access and use of our Websites and/or services following any changes also constitutes your acceptance of the revised Statement and Policy then in effect. Nevertheless, we will seek your consent to any substantial changes if required by relevant laws and regulations or any changes made to the use of Personal Data you provided to us in a manner different from that stated at the time of collection.
Purposes of collecting your Personal Data
We limit the collection, use and retention of your Personal Data to the specific information we need. We might use your Personal Data collected from you or gathered from our Websites, strictly for the performance of our agreements with you and for our legitimate purposes such as:
- to communicate with you generally;
- to deal with your suggestions, enquiries or complaints;
- to process, confirm, provide and charge for hotel arrangements and restaurants and our goods and services;
- to administer, support, improve and develop our business;
- to disclose the winner of contests conducted by us or on our behalf,
- to provide you with quality service;
- to provide you with access to all parts of our Websites;
- to conduct market research, surveys and analysis so as to provide you with better products and services;
- to provide for the safety and security of our guests;
- to prevent, detect or investigate suspicious or illegal activities;
- to meet legal and regulatory requirements and administer general record keeping;
- to process your application for, and manage, operate and maintain, membership of the Dorsett loyalty program, and to provide you with information on the activities and benefits of it; and
- to adhere to applicable laws, court orders, directions, codes or guidelines.
Unless you have expressly opted not to participate when providing us with your Personal Data, we may share these with our carefully selected partners or merchants.
Also when using our services or participating in our events and activities, there are chances that you may be photographed by our staff or other participants or guests. By accepting our services or submitting the application to participate in such events and activities, you unconditionally agree to be photographed, and further agree to the use and/or uploading of such photographs by us on our Websites and/or our promotional and marketing materials.
Where you have consented, we might also use your Personal Data for direct marketing purposes, for example, we will periodically contact you by post or via email and provide information about our special offers and promotions that may be of interest to you. If you have changed your mind in receiving such promotional materials, please let us know.
Personal Data we collect and how we use it
You are always offered options as to whether to provide your Personal Data to us and/or our business partners during our collection of your Personal Data. The provision of Personal Data or any information is voluntary and we may not use your Personal Data unless with your consent. However, if you do not provide the mandatory data required, we may not be able to process your enquiries or requests or provide you with the requested products, services, activities or facilities.
2.1 Anonymous Browsing
Visitors to our Websites do so on an anonymous basis. We do not collect Personal Data from you unless you voluntarily and knowingly provide us, for example when you reach our Websites through our electronic direct mail, or where you have created a profile or account under our Websites and/or when you are making inquiry, reservations/bookings..
2.2 Making a room reservation and check in at our hotels
If you would like us to make a reservation at one of our hotels, we will request for your Personal Data for payment purposes and to administer our business. We may also ask for your travel details and room preferences to better prepare ourselves for your arrival and to serve you better before your departure. Such Personal Data will be made available to the applicable hotel for the purpose of completing your reservation request. If reservation is made through our Websites, such Personal Data will be passed via a third-party system to our hotel operating systems under data encrypted environment. We may also need to collect certain Personal Data as required by local laws such as passport numbers, type of entry visa and driver’s licence.
The same type of Personal Data may be requested when you make any online enquiries.
We will also use your email address to send an email confirmation of your booking, and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel, the area and the weather.
Upon check in, your Personal Data will be verified by our staff and you will be requested to indicate whether you wish to opt-in and receive hotel promotional literature. With your consent, we may also make certain Personal Data available to strategic business partners such as mail houses and email service providers for the sole purpose of mailing and dissemination of promotional materials for us only such as invitation to participate our online survey and/or with promotion materials for your next booking. Your Personal Data will not be shared with third parties for their own marketing purposes.
If you are making reservation through Wifi or any other wireless internet connection, you should understand and accept the risk of entering personal data through these internet connection methods, which is out of our responsibility. Data encryption process begins when you arrive and accept the secure sockets layer (“SSL”) certificate at the booking engine page and when data is passing from the third-party payment card industry (“PCI”) compliant central reservation system to our PCI compliant operating systems. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.3 Making a room reservation by calling us
You can make a reservation by calling one of our hotels. When making a reservation, you will be asked to provide your Personal Data for payment purposes and to administer our business. If you choose to provide us with your email address, a confirmation and a pre-arrival message of your reservation will be sent to you by email.
2.4 During your stay at our hotels
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record the information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, other stay specific information may also be stored in the property management system, such as your food and beverage preferences and other special requests. Certain information regarding your service preferences may be made available to our other hotels through our central database.
2.5 Accessing our websites from mobile devices
You can access our Website from mobile devices to find our hotels and/or restaurants and make a reservation. When you make a reservation using mobile devices, you may need to provide certain Personal Data for guarantee purposes. You should understand and accept the risk of entering your Personal Data through WiFi or any wireless internet connection, which is out of our responsibility. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.6 Creating and updating your account information
For hotel related services, upon completing an online room reservation, you can set up, review or update your information online. When enrolling for our newsletter or loyalty program, you will be required to provide certain Personal Data such as name, email address, mailing address, room preferences and service requests. Such Personal Data will be stored in our email marketing tool service provider which follows a strict data privacy law and be used strictly by our business units for communication to subscribers and marketing promotion only. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.7 Food and beverage outlet reservations
We collect your Personal Data when you make a reservation at our food and beverage outlets. If you are a repeat guest at our food and beverage outlets or have filled out our food and beverage questionnaire, we may store your Personal Data in our databases used by our business units’ operation to serve you better upon your return.
2.8 Non-hotel related services
For our non-hotel related operations including but not limited to residential and commercial leasing, we may ask for your Personal Data for payment purposes and administer our business. With your consent, we might also offer various related products or services that may be of interest to you as a patron, tenant or club member.
2.9 Third Party Providers
This Statement and Policy does not apply to our processing of your Personal Data on behalf of third party providers who may collect your Personal Data from you and provide it to us. In this situation, we would merely act as a data processor and thus you should review applicable third party providers’ privacy policies before submitting your Personal Data to them.
2.10 Fraudulent emails
Please note that we will never send you an email requesting your Personal Data, for example password, credit card number or passport, personal identity card or social security number. If you receive any suspicious emails that look like they are from us but ask for your Personal Data, it is likely a fraudulent email or ‘phishing’. We recommend that you do not reply to the email or click onto any links or pop-up messages and report to the local authorities which handle fraudulent emails. If you believe ‘phishers’ have gained access to your Personal Data or financial information, we recommend that you change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
2.11 Unsecure communication
It is important to note that all email communication is not secure. There is a risk inherent in the use of email. Please be aware of this and when requesting information or sending forms to us by email, or when using email or using any public computers/public Wifi, we recommend that you do not include any Personal Data or sensitive information including credit card details. Our email responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
This Statement and Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the access to your Personal Data and only share your Personal Data with our internal staff who are directly involved in the process of providing quality service to you.
How we store and transmit data?
All Personal Data gathered are stored in our secure server and all practicable steps have been taken to ensure that your Personal Data is protected against unauthorised or accidental access, disclosure or alteration and to keep such Personal Data up to date. However, we cannot be held responsible for unauthorised or accidental access which is beyond our control.
4.1 Our databases and operating & marketing systems
We store your Personal Data in our databases used by operation and marketing systems. These systems, owned and managed by us or by selected third party vendors, are carefully selected to secure your Personal Data. Systems with databases that will be storing credit card information are PCI compliant. We may also store other information such as your room, food and beverage, other preferences and transaction history. This information may be shared and/or used by our business units for research, understanding and analysing customer behaviour and customer profiling to enhance customers’ experience and communication with them prior to, during, and after the stay. Laws and regulations applicable to Personal Data protection vary by country, therefore we may put in place additional measures that vary depending on the applicable legal requirements.
From time-to-time, we may request Personal Data from you through contests. Participation in these contests is completely voluntary and you have a choice whether or not to disclose your Personal Data. They may include contact information (such as name and address), and demographic information (such as zip code, age level). Contact information gathered from contests will be used to notify the winners and award prizes. Demographic information will be used for purposes of monitoring and improving your experience on our Websites.
We may co-sponsor some contests on our Websites with other companies. If you enter one of these contests, our co-sponsor may receive or collect your Personal Data. In such cases, we will tell you who is collecting your Personal Data, how our co-sponsor may use the information and how you can contact our co-sponsor.
4.3 Secure transmission and storage of data
We treat all the Personal Data that you provide to us as confidential information. We use an industry standard for encryption over the internet, to protect your Personal Data. When you type in your Personal Data such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your Personal Data is encrypted as it travels over the internet. You will know that you are in a secure mode when the security icon (such as a lock) appear in the window browsers.
4.4 Data transmission across international borders
As a global company, we endeavour to provide you with the outstanding services. To achieve this goal, we have established a global network comprised of properties, offices, trusted service providers, and trained associates in locations where we operate. The nature of our business and our operations require us to transfer your Personal Data to other group companies, properties, centers of operations, data centers, or service providers that may be located in countries outside of your own for the purposes mentioned in this Statement and Policy. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, we will take appropriate steps to ensure that your Personal Data is protected and handled as described in this Statement and Policy. Therefore, in addition to the implementation of this Statement and Policy, we will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Personal Data to recipients (which may be our internal or external parties) located in a country with a level of protection which may be different from the one existing in the country in which your Personal Data is collected.
Please note that we endeavor to deal only with responsible third parties, but we have no control over the acts of these third parties This Statement and Policy ceases to apply to any information which is disclosed to such third parties in accordance with this Statement and Policy and we assume no responsibility for the privacy protection provided by such third parties.
4.5 Disclosure of information to third parties
In addition, we use the services of third party agents, such as email service providers and mail houses for the purpose of mailing materials to you. These parties are contractually prohibited from using your Personal Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-Personal Data to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to business units/entities not owned by, managed by, and/or affiliated with us for any use unrelated to our group operations or use of Data by third party for their own purposes. We will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Personal Data to the third party service providers located in a country with a level of protection though different from the one existing in the country in which your Personal Data is collected.
Email about special offers and promotions
When you indicate that you would like to receive promotional material either on a guest registration card or when you subscribe for our newsletter, or patronise our restaurants and provide your email address to us specifically and expressly consent to receive marketing communications, we will periodically contact you via email and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to us and our restaurants as well as other services operated by us. We typically use third party email service providers to send emails. These service providers are contractually prohibited from using your email address for any purpose other than to send emails related to our operations. Your Personal Data will not be shared with third parties for their own marketing purposes.
How long will Data be retained for?
Your Personal Data will be stored by us for the period of time required or permitted under relevant laws and regulations or when it is no longer necessary in relation to the purposes for which they were collected or otherwise processed. However, credit card data will be removed based on PCI compliance requirements.
8.1 Right to access to and/or correction of your Personal Data
You have the right to make a request to us on whether we hold or are processing your Personal Data and if so, what kind of Personal Data is held by us, the purposes of using such kind of Personal Data, to whom we have transferred your Personal Data and be supplied with a copy of your Personal Data. You are also entitled to make necessary correction(s) to your Personal Data held by us. In order to protect your Personal Data, we might require you to prove your identity which may consist of your name, contact number, passport or other identification document details so that we can check them against our records and satisfy ourselves as to your identity. However, we may refuse to comply with your request if you fail to provide us verification information or with reference to relevant laws and regulations. The mentioned Personal Data is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Data. In any case, please allow us 30 days to process.
8.2 Right to restriction of processing
You have the right under relevant laws and regulations to block or suppress our processing of your Personal Data, for example, when you contest the accuracy of your Personal Data in our record, you object to the processing and/or you require your Personal Data to establish, exercise or defend a legal claim etc.
8.3 Right to data portability
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format if the process is carried out by automated means and, where technically feasible, the right to have your Personal Data transmitted from us to another data controller.
8.4 Right to unsubscribe or opt-out
We will not use your Personal Data for direct marketing purposes unless with your consent either on a guest registration card, on the application form, through our website, or when you subscribe for our newsletter, or patronise our restaurants and provide your Personal Data to us specifically and expressly for receiving marketing communications. If, at any time, you would like to unsubscribe or opt-out from any of the marketing communications, kindly contact us. Please allow us 30 days to process your request.
8.5 Right to be forgotten
Once you have withdrawn your consent, we will erase your Personal Data. We will also erase your Personal Data when it is no longer necessary in relation to the purposes for which they were collected or otherwise processed unless such erasure is prohibited under relevant laws and regulations. However, we may not be able to continue providing services to you if you ask us to delete your Personal Data entirely to the extent we can do so under relevant laws and regulations.
Notifications in the event of breach
In an unlikely event of Personal Data breach, where feasibly and applicable under relevant laws and regulations, we will, within 72 hours after having become aware of such breach, notify the relevant supervisory authority. We are also prepared to follow relevant laws and regulations which would require us to notify you without undue delay after having become aware of such breach.
Links to other sites
Policy on people under the age of 18 and minors
Our Websites are not intended for persons under the age of 18 and minors. We do not and will not knowingly solicit or collect Personal Data from them. As a parent or legal guardian, please do not allow any person under the age of 18 and minors to submit their Personal Data without your permission.
Should you have any comments on this Statement and Policy or Personal Data protection, please contact us. You may also lodge your complaints with a supervisory authority in your country.
This Statement and Policy is designed to provide compliance with all relevant applicable laws and regulations, in particular those our businesses are subject to. We recognize that certain laws and regulations might be modified to require more stringent standard than those described in this Statement and Policy, in which case the more stringent standards shall apply. If applicable laws and regulations provide for a lower level of protection of Personal Data than this Statement and Policy, then this Statement and Policy shall prevail.
As an international business with operations in different parts of the world, we may need to disclose your Personal Data when required by relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when we have reason to believe that disclosing your Personal Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be casing interference with our guests, visitors, associates, rights or properties (including our Websites), or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.