Privacy Policy

Last Updated: 30 May 2018

 

This is the Privacy Policy for Harilela Hotels (S) Pte Ltd trading as Holiday Inn® Singapore Orchard City Centre (Hereinafter referred to as “our”, the hotel”, “us” and “we”).

We are a corporation registered in the Republic of Singapore with company number 198002635K and a registered office at 11 Cavenagh Road, Singapore 229616. For the purpose of the General Data Protection Regulation (“GDPR”), we are the data controller. Our data protection officer can be contacted at  (to advise DPO’s email).

We collect, uses and disclose Guest Data (as defined below) in order to provide you with a safe, smooth, efficient and customised experience with us. The collection, use and disclosure of Guest Data enable us to provide services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines our policy and responsibility in relation to the collection, use and disclosure of Guest Data.

By continuing to use our services, you signify that you have read and understood this Privacy Policy.

 

SUMMARY

What information do we collect about you?

We collect information when you purchase room nights or other products on our brand website, independent website (desktop and mobile) or when you stay with us, such as your contact details, travel information and credit card details. We also collect information about your preferences from your interactions with our service team members, and from specific requests you make.  In addition, we collect device and technical information from you when you use our brand website, independent website (desktop and mobile).

How will we use the information about you?

We use your information to fulfil our contract of hospitality with you, to administer your membership with our loyalty programmes including but not limited to IHG Rewards Club, IHG Business Rewards and Gourmet Collection. We also use your information to maintain our brand website, independent website (desktop and mobile), and to tailor our products and services to your preferences to provide the best service possible. In addition we use your information to market our products and services to you, and those of our partners and agents (with your consent where required by applicable law). 

Who do we share your information with?

We share your data with our third party service providers to the extent necessary for them to provide their services such as payment processor and relevant employees only on a need-to-know basis as well as government bodies only when required by law.

Where do we process your information?

Our servers are located in Singapore where our staff and offices are located.

How long do we keep hold of your information?

We retain your information for as long as it is necessary to fulfil the purpose for which it was collected, the legal or business purposes of the hotel, or as required by relevant laws. We will usually keep your Guest Data for up to 7 years to ensure that any contractual disputes can be addressed. For EU residents, we will endeavour to delete data within 30 days of a request for erasure or contact you if it will take longer. 

Dispute Resolution

If you have any concerns or complaints, please contact us at marcoms.hisinorchard@ihg.com

How will we notify you of changes?

We will amend this Privacy Policy from time to time and the updated versions will be posted on our independent website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice through an email announcement.

 

General Guest Data privacy policy statement

1. The types of Guest Data we collect

The types of Guest Data that we collect depend on the circumstances of collection and on the nature of the service requested or transaction undertaken.

There are two broad categories of Guest Data that we collect:

• Personal Data. The data we collect includes but is not limited to:

(i) Personal information that can be used to identify an individual, such as name, gender, date of birth, passport or other personal identification numbers;

(ii) Contact information, such as mailing address, phone number, email address;

(iii) Payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date;

(iv) Stay information, such as reservation confirmation number

(v) Information on your other purchases made through our hotel, such as tracking your purchases of extra bed(s), paid upgrades and other purchases made through our brand and independent website. 

(vi) your guest preferences, such as dietary restrictions or other service preferences;
(vii) information about your in-hotel Wi-Fi usage and how much data was utilised for your Wi-Fi sessions;

(viii) information about your interactions with our employees, such as the details of any complaint cases, call details, and other information relevant to assist our team to service you;

(ix)  Information we receive from the queries you enter into our chatbot, Kris on our global Facebook page and Website (as defined below);

(xi) Information we receive from room bookings made via our online corporate booking platform; 

(xii) Information we receive from other sources e.g. our page on social media websites; and

(xiii) business contact information, such as the contact details of the employees of our vendors and corporate clients, as well as the contact details collected by our operation and administrative divisions

Technical Data. This includes device and technical information you give us when using our website (desktop and mobile) such as IP addresses or other unique identifiers, cookies, mobile carrier, time zone setting, operating system and platform.

For purposes of this policy statement, Guest Data means Personal Data and Technical Data.

We also use Guest Data to derive Statistical Data, such as the number of guests. This is processed and stored purely for analytical purposes, and is entirely anonymous. This information will not be stored to your guest record, and will only be aggregated for statistical analysis so that we can better understand our guest profile and enhance our service offering. 

 

Special categories of information or “sensitive personal data”

Certain categories of Guest Data, such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under the GDPR.

Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because you have made certain requests in connection with your stay arrangements that reveal or suggest something about you that could be considered “sensitive personal data”, or if you otherwise choose to provide such information to us (or a third party such as the travel agent through which you made your booking).

For example:

• if you request a particular type of meal, e.g. halal or kosher meals, this may imply or suggest that you are a member of a particular religion; or

• if you request specific medical assistance from us and/or a local operator, e.g. the provision of a wheelchair, this may reveal that you have a particular medical condition.

How we collect data from you

We collect Guest Data, either directly from you or from your authorised representatives (i.e. persons whom you have authorised and/or persons who have been validly identified as being your authorised representative (e.g. your organisation’s corporate travel manager) pursuant to our then-current security procedures).

The hotel also collects Guest Data from third parties which are located in various countries. This includes, but is not limited to, travel agents, our partners, our service providers, or through our brand and independent website, mobile services, any posts on our hotel-specific pages on social media websites and other channels including online travel agencies (OTAs)

Where you make reservations on behalf of another person, you undertake and will ensure that the individual whose Guest Data is supplied to us has authorised the disclosure, is informed of and agrees to the provisions of this Privacy Policy.

 

2. Is the provision of Guest Data required?

The collection of the following types of Guest Data is mandatory to enable us to fulfil our contract of hospitality with you. These types of Guest Data are marked as mandatory on our booking form. If you do not provide this information, we will not be able to provide you with our services and/or products required.

• Guest details, e.g title, first/given name, last/family name, date of birth, whether you are an EU resident.

• Contact details, e.g. email address, mobile phone number, home number or business number.

• Payment details, e.g. the name on the credit or debit card, the credit or debit card number, expiry date and card verification value on the credit or debit card, and billing address which will be transmitted to our payments processors.

The collection of the following types of Guest Data is mandatory to enable us to administer your membership with IHG Rewards Club, IHG Business Rewards, Gourmet Collection: (i) title; (ii) last/family name; (iii) first/given name if you do not have a last/family name; (iv) date of birth; (v) email address; (vi) mobile phone number; (vii) mailing address; (viii) gender; (ix) nationality; and (x) whether you are an EU resident.

These types of Guest Data are marked as mandatory on our sign up form. If you do not provide this information, you will not be able to benefit from points accruals and membership tier benefits and we will not be able to provide you with our services and/or products required.

The failure to supply the following types of Guest Data will result in (i) we being unable to update you on our latest products and/or launches; and/or (ii) your inability to enter or participate in contests, promotions or redemption activities organised by the hotel:

• Contact Information e.g. email address, telephone number; and

• Country of residence.

 

3. How we use your Guest Data

If you are an EU resident, we are required to disclose the legal basis for processing your data under the GDPR. We will use the Guest Data in the following ways:

In accordance with our contract of hospitality with you, we will use the Guest Data to:

• Process and assist you with any transactions related to your booking (e.g., making a booking, providing services related to the booking (e.g., room selection, accommodation, etc.), fulfilling such booking and investigating potential fraudulent transactions);

• notify you about changes to our service, including through Electronic Direct Mail facility;  

As it is in our legitimate interests to be responsive to you, to provide customised services and marketing and to ensure the proper functioning of our products, services and organisation, we will use your Guest Data to:

• improve our independent website and to ensure content from the wtebsite is presented in the most effective manner for you and your device;

• administer the independent website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest to improve service delivery;

• send you surveys by email (including surveys related to our loyalty programmes, if you are a member, as detailed below). You can opt-out of receiving these surveys at any time by contacting us;

• send you service emails, such as reminders when you have not checked out your purchases on our Website. You can opt-out of receiving service emails at any time by contacting us;

• respond to your enquiries, requests or feedback;

• enforce our terms, conditions and policies;

• allow you to participate in interactive features of the independent website, when you choose to do so;

• customise our products and services to you, including by responding to and catering for your guest preferences; 

• keep the independent website safe and secure;

• Aggregate Guest Data into anonymised statistical data (such as number of guests staying during a specific time frame), which we will use for statistical analysis so that we can better understand our guest profile and improve our service offering;

• to customise our marketing e.g. send you targeted marketing on information you would like to receive, based on your responses to options on our independent website and your prior stay and interaction with the hotel. If you are an EU resident, you can object to this profiling and opt-out of receiving such targeting marketing.

• If you are an employee of an entity with a contractual relationship with us:

i. to contact you to perform our services, and in particular, to monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest to improve service delivery;

ii. Enforce our terms and conditions against your employer; and

iii. Communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.

If you are an EU resident, you can object to this profiling and opt-out of receiving such targeted marketing.

With your consent where required by applicable laws, we will use your Guest Data to:

• send you marketing and promotional materials in relation to products and services offered by the hotel, its affiliated hotels and service partners, as well as IHG Rewards Club, IHG Business Rewards and Gourmet Collection.

 You have the right to withdraw your consent at any time by contacting us at marcoms.hisinorchard@ihg.com

 

4. Disclosure of your Guest Data

The hotel will share your Guest Data with any member of the InterContinental Hotel Group, which means our sister hotels locally and overseas  in order to better customise your preferences when you stay with any of our hotels.  

• For the purposes of undertaking targeted direct marketing and other forms of marketing or advertisement, provided we have the consent of the recipient and/or have provided the opportunity to opt-out, in each case where required by applicable law. We will also use and disclose your Guest Data to persons who have been validly identified as being you or your authorised representative(s) pursuant to our then-current security procedures, for the purpose of the relevant transaction or enquiry. The hotel will disclose your Guest Data to law enforcement agencies, public or regulatory authorities, securities commissions or other organisations for security, customs and immigration purposes, if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

• comply with legal obligation, process or request;

• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;

• detect, prevent or otherwise address security, fraud or technical issues; or

• protect the rights, property, health or safety of us, our users, a third party or the public as required or permitted by law (including exchanging Guest Data with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We will also disclose your Guest Data to third parties: 

• to comply with legal obligations, processes or requests (such as disclosing Guest Data to executors in response to court orders).

In addition, the hotel may disclose Guest Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. The hotel also reserves the right to share Guest Data as is necessary to prevent a threat to the life, health or security of individual or corporate entities such as the hotel itself. Further, the hotel will disclose Guest Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

 

5. Non-EU Data Subject Rights

If you are not a resident in the EU, you may have certain rights in relation to the Guest Data we hold about you, which we detail below.

Access.

You have the right to know whether we process Guest Data about you, and if we do, to access Gues Data we hold about you and certain information about how we use it and who we share it with.

Where permitted by law, the hotel reserves the right to charge a reasonable administrative fee for this service. In exceptional circumstances, the hotel reserves the right to deny you access to your Guest Data and may provide an explanation as required by applicable laws.

Exceptional circumstances include (to the extent allowable under applicable law) where:

• An investigating authority or government institution objects to the hotel complying with a guest’s request;

• The information may, in the exercise of the hotel’s reasonable discretion and/or assessment, affect the life or security of an individual; and

• Data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.

Correction. 
You have the right to correct any Guest Data held about you that is inaccurate.

Feedback and complaints

If you have any concerns, feedback or complaints about the use and/or sharing of your Guest Data, we are open to receiving your feedback or complaints.

Exercise of Rights.

To exercise any of your rights, please use the following form: Data Privacy Rights Form (hyperlinked) and submit it to marcoms.hisinorchard@ihg.com

6. EU Data Subject Rights

If you are a resident in the EU, you may have certain rights in relation to the Guest Data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.

These rights include:

• The right of access. 

• The right of data portability. 

• The right of rectification. 

• The right of erasure. 

• The right to restrict processing. 

• The right to object. 

Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please use the following form: Data Privacy Rights Form (hyperlinked) and submit it to marcoms.hisinorchard@ihg.com

Complaints.

In the event that you wish to make a complaint about how we process your Guest Data, please contact us and we will endeavour to attend to your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.

Access.

You have the right to know whether we process Guest Data about you, and if we do, to access Guest Data we hold about you and certain information about how we use it and who we share it with.

If you require more than one copy of the Guest Data we hold about you, we may charge an administration fee.

We may not provide you with certain Guest Data if providing it would interfere with another’s rights (e.g. where providing the Guest Data we hold about you would reveal information about another person) or where another exemption applies.

Portability.

You have the right to receive a subset of the Guest Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Guest Data to another party.

The relevant subset of Guest Data is data that you provide us with your consent (please see here for the types of GuestData we process on the basis of your consent  or for the purposes of performing our contract with you.

If you wish for us to transfer the Guest Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Guest Data or its processing once received by the third party. We also may not provide you with certain Guest Data if providing it would interfere with another’s rights (e.g. where providing the Guest Data we hold about you would reveal information about another person). 

Correction.

You have the right to correct any Guest Data held about you that is inaccurate. Please note that whilst we assess whether the Guest Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

To exercise any of your rights, please use the following form: Data Privacy Rights Form (hyperlinked) and submit it to marcoms.hisinorchard@ihg.com

 

Erasure.

You may request that we erase the Guest Data we hold about you in the following circumstances:

• you believe that it is no longer necessary for us to hold the Guest Data we hold about you;

•  we are processing the Guest Data we hold about you on the basis of your consent and you wish to withdraw your consent and there is no other ground under which we can process the Guest Data;

• we are processing the Guest Data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Guest Data;

• you no longer wish us to use the Guest Data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or 

• you believe the Guest Data we hold about you is being unlawfully processed by us.

Also note that you may exercise your right to restrict our processing of the Guest Data whilst we consider your request as described below.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Guest Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.  Please note that after deleting the GuestData, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.

Where you have requested that we erase Guest Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Guest Data or providing links to the Guest Data to erase the Guest Data too.

To exercise any of your rights, please use the following form:  Data Privacy Rights Form (hyperlinked) and submit it to marcoms.hisinorchard@ihg.com


 

Restriction of Processing to Storage Only.

You have a right to require us to stop processing the Guest Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Guest Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).

You may request we stop processing and just store the Guest Data we hold about you where:

• you believe the Guest Data is not accurate, for the period it takes for us to verify whether the Guest Data is accurate;

• we wish to erase the Guest Data as the processing we are doing is unlawful but you want us to just store it instead;

• we wish to erase the Guest Data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or

• you have objected to us processing Guest Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Guest Data whilst we determine whether there is an overriding interest in us retaining such Guest Data.

 

Objection.
At any time you have the right to object to our processing of Guest Data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Guest Data for that purpose. 

You also have the right to object to our processing of Guest Data about you and we will consider your request in other circumstances as detailed below by using the following form: Data Privacy Rights Form and submit it to marcoms.hisinorchard@ihg.com

You may object where we are processing the Guest Data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.

Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Guest Data whilst we make the assessment on an overriding interest by indicating this in our Data Privacy Rights Form

 

7. Retention

We will retain Guest Data for as long as it is necessary to fulfil the purpose for which it was collected, the legal or business purposes of the hotel, or as required by relevant laws. We will usually keep your Guest Data for up to  7 years to ensure that any contractual disputes can be addressed. This includes standing requests which contain sensitive personal data about yourself, e.g. a standing request that you wish to receive a halal meal or a wheelchair at the hotel. You can amend your standing request at any time to change your preferences in the future.

If you opt-out or withdraw your consent to marketing, we will remove you from our marketing database.

8. Accuracy

The hotel needs your assistance to ensure that your Guest Data is current, complete and accurate. As such, please inform the hotel of changes to your Guest Data by contacting us and submitting your updated particulars to the hotel in writing (see Section 13).

We will also request Guest Data updates from you from time to time. As detailed above, your reservation information and itinerary will be disclosed to the appropriate customs and immigration authorities as required by law. As such, it is important to ensure that the Guest Data contained in your booking information is current, complete and accurate.

9. Security safeguards

The hotel takes the protection of your Guest Data seriously but, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Guest Data, we cannot guarantee the security of your Guest Data transmitted through the Website; any transmission is at your own risk.

10. Links to other websites

The hotel may, from time to time, provide you with links to other websites for your convenience and information. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You access these websites at your own risk and the hotel is not responsible for these websites. Whilst the hotel will protect your Guest Data on our independent website, the hotel cannot control or be responsible for the policies of other sites we may link to, or the use of any Guest Data you may share with them. Please note that the hotel’s Privacy Policy does not cover these other websites, and we would recommend that you are apprised of their specific policies.

11. Minors

The hotel’s independent website is not directed at children under the age of 16 and the hotel cannot distinguish the age of persons who access and use our independent website. If a minor (according to applicable laws) has provided the hotel with Guest Data without parental or guardian consent, the parent or guardian should contact the hotel (see Section 13) to remove the relevant Guest  Data and unsubscribe the minor. If we become aware that Guest Data has been collected from a person under the age of 16 without parental or guardian consent, we will delete this Guest Data and, where that minor has an account, terminate the minor’s account.

12. Updates to the privacy policy

The hotel will amend this Privacy Policy from time to time, and the updated versions will be posted on the hotel’s independent website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including by way of a an email announcement. Subject to applicable laws, the English version of this Privacy Policy will prevail over any version of this Privacy Policy in another language.

13. Contact us

If you have comments, questions or complaints about or requests relating to this Privacy Policy statement, please contact the hotel in writing at the address below referencing ‘Privacy Policy':

 

Harilela Hotels (S) Pte Ltd trading as Holiday Inn® Singapore Orchard City Centre DPO                                                                    

11 Cavenagh Road                                                                                                                                                                                

Singapore 229616

Or email marcoms.hisinorchard@ihg.com referencing: Privacy Policy.