PRIVACY POLICY

1. PRIVACY POLICY – GENERAL
1.1 INTRODUCTION

We respect the privacy of all our customers and business partners, and treat personal information provided by you to us as confidential. “We”, “us”, “ourselves” and “our Group” refers to Langham Hotels International Limited and its affiliates directly involved in the group’s management and operations of properties around the world, including hotels, residences, outlets, local management entities and sales offices in the following jurisdictions: Australia, Canada, European Union, Hong Kong Special Administrative Region, Indonesia, Mainland China, Middle East, New Zealand, Singapore, Thailand, United Kingdom, and United States of America. In particular, Langham Hotels International Limited processes your personal information for the purposes set out in this Privacy Policy and is the controller of customer personal information; and Langham Hotels (Shanghai) Company Limited (an affiliate of Langham Hotels International Limited and Brilliant Loyalty Program Limited) is the regional Mainland China management entity and, together with Langham Hotels International Limited, are the controllers of customer personal information as set out in section 4 “Notice to Mainland China Residents”; and Brilliant Loyalty Program Limited (an affiliate of Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited) operates the loyalty programme and is the controller of the personal information of loyalty programme members. Guest and members’ personal information will also be shared with other entities within the Group for the purpose of operating the loyalty programme and providing goods and services to its members in accordance with this Privacy Policy.

Please read this Privacy Policy (together with the country specific portions applicable to you) and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can manage it.

This Privacy Policy supplements and updates any other policies, notices or statements that we may have provided you, and is not intended to override them.

 

1.2 HOW WE GET THE INFORMATION ABOUT YOU

In order for us to operate effectively, we may collect information about you, whether as hotel guests, loyalty programme members, website visitors or contact for any other purposes, where personal information is provided to us that can identify you as an individual.

Your personal information can come to us via various channels, including but not limited to:

Personal information provided directly by you

  • Through your use of our products and services – such as when you make a reservation, stay as a guest or visit the hotels, restaurants, spa or facilities managed by us
  • When you submit enquiries to us or provide us with your feedback
  • When you participate in our promotional offers, competitions or surveys
  • As a member of our loyalty programmes

Data we collect when you use our Websites and Apps

  • When you browse and interact with our website and/or use any mobile applications including WeChat mini program (“mobile App”) that we may make available - such as make a booking via our Online Reservation system, make an inquiry, sign up for newsletter subscription or make brochure requests or download and use our mobile Apps

Information we receive from third parties or public sources

  • We may receive information from third party organisations, such as partners we work with, where you have provided your consent to that information sharing taking place or where we have a legitimate interest to use the personal information in order to provide you with our products and services

 

1.3 WHAT INFORMATION ABOUT YOU DO WE COLLECT AND WHY

We may collect, use, store and transfer different kinds of personal information about you depending on our relationship with you and where you are located, this information may include:

Identity details: such as your name, gender, age, date of birth, nationality, and identification document information (including passport, identity card, driver’s licence or other official government documentation)

Contact Details: personal and work contact details (addresses, emails and telephone numbers)

Payment and credit card information: such as bank accounts, name of cardholder, credit card number, credit card billing address and expiry date

Guest stay information and lifestyle information: such as hotels where you have stayed, arrival and departure dates and times, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests, your goods and/or services purchase information (including delivery address in case of purchasing goods), history and/or language preference. Information, feedback or content you provide regarding your interests and preferences

Profile Information: includes loyalty programme member information (including membership number and membership tier), online account details, profile or password details

Technical Information: includes information from our security systems such as from our closed-circuit television system, card key, internet login and firewalls

Usage data: includes information about how you use and interact with our website and mobile Apps and the services you use (such as IP address and web browsing information), your fingerprint or facial verification results if you use fingerprint or facial information to unlock or sign in the mobile App or use functions such as payment verification, as well as your location data if you permit us to access it on the website or mobile App

Sensitive Personal Information: some of the personal information which you provide to us may be considered “sensitive personal information” under the privacy and data protection laws in specific jurisdictions – such as personal information from which we can determine or infer an individual’s racial or ethnic origin, health or biometric data. We only process sensitive personal information to the extent permitted or required by applicable law

Please note that, in respect of minor’s personal information, except where required by local laws, we do not knowingly collect personal information from our websites from any children or minors. As a parent or legal guardian, please do not allow your children or minors to submit personal information without your permission.

 

1.4 HOW WE PROCESS AND USE YOUR INFORMATION

We may collect, process and/or use the personal information which we collect in order to:

  • Deliver our products and services to you – such as completing your reservations, sending you reservation confirmations, supplying the purchased goods and services, registering you for program membership and administering such program, fulfilling a request for information, customising our services to your preferences, earning and redeeming rewards, keeping proper records of your transactions with us
  • Communicate and provide marketing and promotion to you – such as sending you information and updates on our products and services and other products and services that we think may be of interests to you, including latest promotions, competitions, joint- and cross promotions with our business partners, response to enquiries, to send you important information regarding our website, changes to our terms, conditions and policies
  • Develop and improve our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities
  • Work and cooperate with third parties to deliver our products and services to you – such as travel agents, group travel organisation, or anyone involved in the process of making your travel arrangements, credit card companies, airline operators and third party loyalty programs
  • Maintain your safety and security as well as that of other guests and personnel – such as to make proper identification and verification in processing of transaction, implement security surveillance and access controls when you visit or stay at our hotels, and administer general record keeping
  • Operate the website and mobile App – allowing you to use certain functionalities in the website or mobile App
  • Meet applicable legal and regulatory requirements
  • Use it in other ways as required or permitted by law or with your consent

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate lawful basis to do so.

 

1.5 WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER

If you join the loyalty programme, we may process (including collect, store, use, edit, transfer, provide, publish or delete) your personal information (including information deemed sensitive personal information in Mainland China highlighted in bold) for operating the basic business functions of the loyalty programme, its website and mobile App. Unless otherwise stated, the personal information we process is necessary for the relevant business functions and processing purposes. If you refuse to provide the relevant personal information for our processing, we may not be able to operate the relevant business function and provide those services to you.

You need to carefully consider whether your sensitive personal information should be disclosed to us. It is necessary for you to provide us with such sensitive personal information, so that we can provide certain services to you. (If you are based in certain jurisdictions, including Mainland China, and if you do not provide us with your separate consent to process your sensitive personal information, we may not be able to provide certain services to you).

If you are based in the UK/EU then the applicable lawful bases for processing of your personal data in connection with each of the purposes below is set out in the final column.

 Processing Purposes and MeansPersonal Information ProcessedUK/EU Lawful Basis
1.For administering your loyalty programme membership (including membership registration and managing your membership tiers)Name, date of birth, loyalty programme membership number, membership tier, contact details (residential addresses, work address, emails and telephone numbers), loyalty programme account log in credentials, your guest stay information and lifestyle information, your goods and/or services purchase information/history, language preferenceTo perform a contract with you
2.For earning loyalty pointsName, loyalty programme membership number, membership tier, your goods and/or services purchase information/historyTo perform a contract with you
3.For spending loyalty points to redeem goods and/or servicesFor spending points: your name, loyalty programme membership number, membership tier

For redeeming goods and/or services by points: name of the recipient of goods and/or services, contact details (emails and telephone numbers), (in the case of purchasing goods) delivery address, goods and/or services redemption details, airline loyalty programme membership number
To perform a contract with you
4.For spending loyalty points to book hotel servicesFor spending points: your name, loyalty programme membership number, membership tier

For booking hotel services on our website: your name, name of hotel, contact details (emails and telephone numbers), hotel check in and check out time
To perform a contract with you
5.For facilitating payment for hotel services on our systemName, loyalty programme membership number, membership tier, payment informationTo perform a contract with you
6.For providing customer support services (e.g. administrative communications about your loyalty programme membership)Name, loyalty programme membership number, contact details (residential addresses, work addresses, emails and telephone numbers), your guest stay information, your goods and/or services purchase or redemption information/historyLegitimate interests (for running our business)
7.For fraud prevention and investigating any potential violation of applicable lawsName, date of birth, nationality, identification document information (including passport, identity card, driver’s licence or other official government documentation), loyalty programme membership number, personal and work contact details (residential addresses, work addresses, emails and telephone numbers), IP addressLegal obligations (to comply with lawful request(s) from regulatory, government or judicial body, process information from accident reports, require processing of health and/or safety records)
8.For undertaking identity check and investigating any potential violation of our Group’s policiesName, date of birth, nationality, identification document information (including passport, HKID, driver’s licence or other official government documentation), loyalty programme membership number, personal and work contact details (residential addresses, work addresses, emails and telephone numbers), IP addressLegitimate interests (for running our business, ensuring compliance with Group policies)
9.For resolving any issues with the loyalty programme website or mobile App and/or improving user experience of the website or mobile Apployalty programme membership number, membership tier, IP address and web browsing informationLegitimate interests (for running our business, ensuring compliance with Group policies)

Business functions aimed at improving our products / services

When necessary, we will collect your personal information for the purposes of improving our service quality, including providing you with better-performing services and personalised content, functions and recommendations, etc. If you refuse to provide the relevant personal information for our processing, we may not be able to provide certain services to you, but it will not affect your use of the basic business functions and other extended business functions.

Your personal information may be processed as follows:

 Processing Purposes and MeansPersonal Information ProcessedUK/EU Lawful Basis
1.For designing personalised content on the loyalty programme website or mobile AppName,  date of birth, loyalty programme membership number, membership tier, contact details (residential addresses, work addresses, emails and telephone numbers), your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history,  (for website only) IP address and web browsing informationLegitimate interests (to keep the website and mobile App updated and relevant to you, to grow our business) Consent (to the extent we use cookies or similar technologies for this purpose)
2.For marketing goods and/or services of our Group or our business partnersName, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history, IP address and web browsing informationConsent (to the extent you have provided the consent for the purpose of our marketing) Legitimate interests  (to grow our business and provide you with information about similar products and services which may be of interest to you)
3.For conducting data analytics, profiling, information management and database administration for the purpose of the operation of the loyalty programme website or mobile AppName, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history and partially redacted IP address and web browsing informationLegitimate interests (to inform our strategy and to study how our customers use our services) Consent (to the extent we use cookies or similar technologies for this purpose)
4.For conducting market research, for statistical, data analytics, actuarial research or other purposesName, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/historyLegitimate interests (to inform our marketing strategy and grow our business)

 

Other extended business functions and system permissions

To provide you with a greater user experience on the loyalty programme website or mobile App, we may also process your personal information for other extended business functions. If you do not provide your personal information for an extended business function, you will not be able to use the corresponding services, but it will not affect your use of the basic business functions. You could choose to provide your personal information to us and select to use the extended business functions at your preference.

If you are using the mobile App, we will ask for your consent to our processing of your personal information for each of the following purposes and business functions in this paragraph. You can withdraw your consent to each of the following at any time by disabling our access rights in your device settings or mobile App settings:

 

  • we will use GPS technology to determine your current location, and use your location data to locate the hotels in proximity with your location and sorting the offers by these hotels. During your registration on the mobile App, we will pre-populate the location field and the country code based on your location. You can withdraw your consent at any time by disabling Location Data in your device settings;
  • for you to leave comments, feedback or complaints on or through our mobile App, you may choose to upload images. We would, therefore, need to obtain your authorisation to use your device camera for photo-taking and photo gallery access;
  • when you unlock or sign in, or use certain functions such as payment verification in the mobile App by using your fingerprint or facial information, your fingerprint or facial information (as applicable) is only stored on your device locally, and we will only receive your fingerprint or facial verification results without storing or retaining your original facial information;
  • to enable you to call us using your mobile device directly through the mobile App, we will need your authorisation to use your phone functionalities; and
  • to enable you to receive our marketing information, as well as member status changes and in-app alerts (e.g. messages from our hotels), we will need your authorisation to turn on the notifications in your device.

Separately, the mobile App offers the function to chat within the mobile App with our personnel in the form of text messaging. Please note, any personal information provided by you in such conversations with our hotel staff will be treated as being provided to us for use in providing our customer support services, and such personal information will be processed in accordance with this Privacy Policy.

We may access your device clipboard, but we will not collect the clipboard information.

 

1.6 HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We will keep your personal information in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, unless we have a lawful ground for holding it for longer.

To determine the appropriate retention period for your personal information we consider the amount, nature and sensitivity of the information, the risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

For the purpose of the loyalty programme, unless required by applicable laws and regulations or with your consent, we will generally retain your personal information processed only for the loyalty programme for three (3) years after your membership account status becomes “dormant” (i.e. when there is no transaction involving your membership account for 24 consecutive months).

We will safely and securely delete, dispose of or anonymise personal information after the applicable retention period or when we no longer need it.

 

1.7 INFORMATION SECURITY

We endeavour to protect your personal information we maintain and have implemented reasonable technical, organisational and administrative measures to keep your personal information safe and secure and to protect it against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

When we outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we oblige those third parties to protect your personal information with appropriate security measures.

 

1.8 INFORMATION TRANSFER OVERSEAS

We do business globally. In order for us to operate effectively and provide you with the best experiences with our services, we may centralise certain aspects of our information processing activities and may have databases in different countries or regions (some of which are operated by our local group company and some of which are operated by third parties on our behalf). We may therefore have to share and transfer your personal information from one country or region to another, or even across multiple jurisdictions, such as:

  • In or to Hong Kong where our corporate office is located
  • In those countries in which we manage and operate hotels, residences, sales or representative offices
  • In those countries where our third-party suppliers and/or services providers, agents, advisors or consultants are located

Your personal information may therefore be subject to privacy laws that are different from those in the country or region where the personal information is collected or those in your country or region of residences. We will endeavour that the transfer of your personal information is carried out in accordance with applicable privacy laws and that appropriate technical, organisational and administrative measures are in place for its safeguard. For information on international transfers from the EU or UK, please also see section 2.7.

 

1.9 INFORMATION SHARING

Insofar as reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Policy, we may share your personal information with the below parties. The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.

  • Our group entities, hotels and residences managed and operated by us available here. Owners of our hotels and branded properties have a limited right to use certain personal information for their own purposes such as for complying with their own legal obligations (including maintaining books and records and other compliance obligations).
  • Our business partners and third parties involved in the delivery of our products and services to you – including those involved in a sale of all or part of our business operations or assets and those for business, operational and general administration. In particular, we may partner with certain third parties to allow you to enrol, register, link accounts or use their services. These companies may include business such as airlines, rental car providers, car services partners, travel agents or spa and other facilities provider and we may provide your name, account or membership details, and stay information (such as hotels where you have stayed, arrival and departure dates) to them so you can obtain their reward points (such as frequent flyer points) or provide you with a single source for purchasing packages that include travel-related services (such as airline tickets, rental cars or vacation packages).
  • Our marketing and advertisement partners. These partners may use your personal data to provide promotions to you, such as sweepstakes, contests, or other offers and events, etc.
  • Third party services providers in Australia, Canada, Hong Kong, Japan, Mainland China, New Zealand, Singapore, USA, which process data (including personal information) for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. Examples of these service providers include companies that provide website hosting, data analysis, payment processing, order completion, information technology and related infrastructure services, customer service, email delivery, marketing, and other services, etc.. Particularly for the mobile App, to ensure reliable services, we work with our authorised business partners which provide their plug-in programs or software development kits (“SDK”), and which may process your personal information with your consent. You may see the details of these SDKs here.
  • Our agents, advisors, consultants, other third-party suppliers and/or services providers such as our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to operate effectively, provide you with the best experiences with our services and comply with our legal and regulatory obligations.
  • Relevant law enforcement body, regulatory, government agency, court or other third party where we believe that such disclosure is to (1) comply with an applicable law or regulation; (2) exercise, establish or defend our legal rights; or (3) protect your vital interests or those of any other person.
  • Other third parties when we have your consent or are otherwise permitted or obliged by law to do so.

We are always looking to continuously develop and expand our business. Accordingly, an entity of our Group may engage in mergers, acquisitions, dissolution, liquidation, transfer of assets or similar transactions, and in such cases, (i) we shall inform you of information that is required under applicable data protection laws; and (ii) your personal information may be transferred to any actual assignee or purchaser of all or any part of our (and/or our affiliates’) business and/or assets; and our service providers in these situations. In this case, we will ask the new company or organisation holding your personal information to continue to process your personal information in accordance with this Privacy Policy. If the new company or organisation needs to use your personal information for purposes not stated in this Privacy Policy, they will obtain your consent where required to do so in accordance with the applicable laws and regulations.

 

1.10 WHAT HAPPENS IF I DO NOT PROVIDE YOU WITH MY INFORMATION?

You may always choose what personal information (if any) you wish to provide to us. Please note, however, some of our products and services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.

 

1.11 MARKETING AND COMMUNICATIONS

If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. You can always choose whether or not to receive any or all of these communications by contacting us as described in section 6 below. In addition to your agreeing to this Privacy Policy, we may also ask you to give us a separate consent before we send you with promotional information or to indicate how you would like to receive any communication (e.g. via email or regular mail). After you have indicated your preferences, you can always change them.

 

2. RESIDENTS OF THE EUROPEAN UNION AND UNITED KINGDOM

European Union (EU) or United Kingdom (UK) data protection law applies to the processing of information of residents of the European Union and United Kingdom.

 

2.1 CONTROLLER

We are the Controller and responsible for your Personal information under this Privacy Policy. This means we decide why we collect your data, how we collect it, what data is collected, how this data is going to be used and how this data is protected. Please refer to section 1.1 for further details.

 

2.2 DATA PROTECTION OFFICER (DPO)

We have appointed GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, our privacy practices or how we handle your personal information please contact us in the first instance via email to dataprotection@langhamhotels.com or, alternatively, you can contact our DPO directly via email to dpoaas@grcilaw.com.

 

2.3 OUR EU REPRESENTATIVE

We have appointed IT Governance Europe Ltd to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please contact us in the first instance via email to dataprotection@langhamhotels.com or, alternatively, you can contact our EU Representative directly via email to eurep@itgovernance.eu (please ensure you include our company name, Langham Hotels International Limited in any correspondence you send to our representative).

 

2.4 UK GDPR/EU GDPR LAWFUL BASIS TABLE

The table below describes the ways we plan to use your Personal information, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
If you join the loyalty programme, we may also process your personal information in accordance with section 1.5 above.

 

LAWFUL BASIS TABLE

LAWFUL BASISPURPOSE EXAMPLES
Contractual
We use your Personal information on the basis that it is necessary for us to fulfil a contract with you.
Onboarding
When you register as a new client, or supplier and we interview and onboard you.

Service delivery
In order to be able to deliver our products and services to you

Account administration

Relationship management

Communication
To be able to contact you regarding updates or informative communications
Legitimate interest
Our legitimate business interests do not automatically override your interests – we will not use your Personal information for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.
Managing our business
Developing and improving our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities

Cooperation with third parties

Recommendations, communications and marketing

Advertising Effectiveness

Safety and security

Service reviews

Data analytics
We use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

Rights and claims

Data subject rights
Including verifying your identity when you exercise your data subject rights.
Legal obligations
We may use your Personal information to comply with any laws or regulatory requirements applicable to us. An example might be to detect fraudulent or criminal activity, whereby we may share information with forces such as the police.
Legal requirement

Criminal activity
Consent
We may have to get your consent to use your Personal information, such as when we collect and use Special Category Personal information about you or when we want to send you electronic marketing.

Where we rely on your consent for processing, it can be withdrawn at any time. Please see the “Right to withdraw consent” paragraph of section 2.5 Data Subject Rights below for details of how to withdraw your consent.
Marketing
To measure and analyse the effectiveness of the advertising we serve you. We may collect IP addresses and store Cookies on visitors’ devices. Sending third-party direct marketing communications to you via email, letters or phone calls.

Special Category Personal informationExpress consent for collecting and processing sensitive data also known as special category personal information (such as biometric data or data concerning health).

 

2.5 DATA SUBJECT RIGHTS

You have several rights under UK and EU data protection law. The rights available to you depend on our reason for processing your information and are set out in the below.

 

TABLE OF YOUR RIGHTS

YOUR RIGHTDETAILS
Right to be informedWe have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it.
Right of accessYou have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.
Right to rectificationYou have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasureYou have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the personal information for one of the following reasons:
  • To exercise the right of freedom of expression and information.
  • To comply with a legal obligation.
  • To perform a task in the public interest or exercise official authority.
  • For archiving purposes in the public interest, scientific research, historical research or statistical purposes.
  • For the exercise or defence of legal claims.
Right to restriction of processingYou may ask us to stop processing your personal information. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
  • The accuracy of the personal information is contested.
  • Processing of the personal information is unlawful.
  • We no longer need the personal information for processing, but the personal information is required for part of a legal process.
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
Right to data portabilityThis right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.
Right to withdraw consentYou may ask us to stop processing your personal information. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
  • For marketing-related emails, you may use the unsubscribe link at the bottom of any of our communications or opt out by following the instructions set out in the relevant communications. Please note that, even if you choose to opt out of marketing-related emails, you will continue to receive transactional messages, such as information about reservations or stays, including confirmation and pre-arrival emails, or account security updates.
  • For cookie usage on websites, you may reject these/withdraw consent within our cookie banner.
  • In general, you may also withdraw consent via email to dataprotection@langhamhotels.com or (for Brilliant loyalty program) enquiry@brilliantbylangham.com, as well as through prescribed forms on our websites.

 

2.6 HOW TO EXERCISE YOUR RIGHTS

In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you. This may in certain circumstances be extended if your request is particularly complex or you have made a number of requests.

To exercise your rights or get more information about exercising them, please contact us using the contact details provided in “HOW TO CONTACT US”, giving us enough information to identify you.

 

2.7 INFORMATION TRANSFER OVERSEAS

Please refer to section 1.8 above for general details of transfers of personal information overseas.

Whenever we transfer your personal information out of the EU or the UK, we ensure that a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:

  • the recipient country ensures an adequate level of protection for personal information;
  • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for personal information;
  • we have put in place appropriate safeguards to protect any transferred personal information, such as a contract with the person or entity receiving the personal information which incorporates specific provisions as directed by the UK Information Commissioner’s Office or the European Commission;
  • the transfer is permitted by applicable laws; or
  • your explicit consent to the transfer has been obtained.

For further details on the mechanisms used by us when transferring your personal information out of the UK, please contact us via email to dataprotection@langhamhotels.com or by post at 27/F, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong.

 

2.8 INFORMATION SHARING

Please refer to section 1.9 above for information on how we may share your personal information.

You can contact us for the relevant information regarding the third party personal information recipients that are processing of your personal information or are based outside of the EU or UK, such as their identity, contact information, retention period, location, the processing activities undertaken by them (including types of personal information being processed, and the purposes and means of processing), their responsibilities in relation to processing of your personal information, (where applicable) the legal bases for such transfers to outside of the EU or UK and how you may exercise your personal information privacy rights against them. Our contact details are set out in section 6 “HOW TO CONTACT US”.

 
2.9 HOW YOU CAN COMPLAIN TO OR ABOUT US

We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first using the contact details provided in section 6 “HOW TO CONTACT US” and title your email “Complaint”. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.

You have the right to lodge a complaint with a supervisory authority in the EEA member state where you work or normally live, or where any alleged infringement of data privacy legislation occurred. A list of these and their contact details can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

The supervisory authority in the UK is the ICO, which may be contacted at https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.

3. NOTICE TO CALIFORNIA RESIDENTS

United States (US) federal and state privacy laws apply to the processing of information of residents of the United States. This section is meant to provide supplemental or specific information for residents of California and certain other US states. We encourage you to read the full policy for a complete picture of our privacy practices.

 

3.1 CATEGORIES OF PERSONAL INFORMATION PROCESSED

For purposes of the California Consumer Privacy Act (CCPA)  personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.

If you join the loyalty programme, we may also process your personal information in accordance with section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms. See also section 3.2 of this Notice below for our Notice of Financial Incentive for members of our loyalty programme.

Category of information collected SourceBusiness purposes* for useCategories of third parties receiving information

Identifiers (name, alias, date of birth, postal address, email address,  phone number, fax number, account name, unique personal identifier, IP address)

And

Information About You. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information, or medical information,.

Individuals submitting information to us Information we may receive from third-party marketing and data partners (e.g., for making bookings and reservations)

auditing relating to transactions security detection, protection and enforcement; ad customization performing services for you including operating our loyalty programme internal research and development quality control

service providers (such as payment processors, mail houses, marketing partners, shipping partners) affiliated companies government regulators and law enforcement (when lawfully requested)

Protected classification information (gender, ethnicity, religion, disability)individuals submitting informationperforming services for you to accommodate any special needsservice providers affiliated companies government regulators and law enforcement (when lawfully requested)
Commercial information (transaction history, products/services purchased, obtained or considered, product preference)individuals submitting information information we automatically collect from website visitors information we may receive from third-party marketing or data partners information we collect for security purposesauditing relating to transactions security detection, protection and enforcement ad customization performing services to you including operating our loyalty programme internal research and development quality controlservice providers (such as payment processors, mail houses, marketing partners, shipping partners) affiliated companies government regulators and law enforcement (when lawfully requested)
Electronic network activity (browsing or search history, website interactions, advertisement interactions)information automatically collected from website visitors

functionality debugging/error repair ad customization internal research and development quality control

service providers (such as marketing partners) affiliated companies government regulators and law enforcement (when lawfully requested)

Audio, video or similar information (customer service calls, security monitoring)

Geolocation (geo-targeting for digital and social media ads)

individuals submitting information information we automatically collect from website visitors information we may receive from third-party marketing or data partners information we collect for security purposesauditing relating to transactions security detection, protection and enforcement performing services for you internal research and development quality control ad customizationservice providers (such as payment processors) affiliated companies government regulators and law enforcement (when lawfully requested) service providers (such as marketing partners)
Inference from the above (preferences, characteristics, behaviour, attitudes, abilities, etc.)internal analyticsauditing relating to transactions security detection, protection and enforcement ad customization; performing services for you internal research and development quality controlservice providers (such as payment processors, mail houses, marketing partners) affiliated companies

We also collect the below categories of sensitive personal information as defined under California law.

We do not use or disclose your sensitive personal information for purposes other than those necessary to provide you with benefits and services, to aid in protecting and securing your personal information and our systems, to verify or maintain the quality or safety of our services and systems, or as otherwise permitted under regulations or required by law.

Category of sensitive information collected SourceBusiness purposes* for useCategories of third parties receiving information

Account log-in, password, or credentials allowing access to an account.

individuals submitting information (including employment applications)

auditing relating to transactions security detection, protection and enforcement performing services for you internal research and development quality control

service providers (such as payment processors, employee benefits partners) affiliated companies government regulators and  law enforcement (when lawfully requested)

Personal information collected and analyzed concerning a consumer’s health.individuals submitting informationperforming services for you to accommodate any special needsservice providers affiliated companies government regulators and law enforcement (when lawfully requested)
Precise Geolocationindividuals via the mobile Applocate the hotels in proximity with guest location and sorting the offerings by these hotels. during the guest registration on the mobile App, pre-populate the location field and the country code based on the guest locationservice providers

*MORE SPECIFICALLY, THE BUSINESS PURPOSES INCLUDE:

 

PERFORMING SERVICES FOR YOU 

  • To administer or otherwise carry out our obligations in relation to any agreement to which we are a party
  • To assist you in completing a transaction or order
  • To prepare and process invoices
  • To respond to queries or requests and to provide services and support
  • To provide aftersales customer relationship management
  • To create and manage our customer accounts
  • To notify you about changes to our services and products
  • To administer any promotion, contest, survey, or competition
  • To provide you information regarding our products and services
  • To offer our products and services to you in a personalised way, for example, we may provide suggestions based on your previous requests to enable you to identify suitable products and services more quickly

 

ADVERTISING CUSTOMIZATION

For marketing and promotions we believe you may find of interest and to provide you, or allow selected third parties to provide you, with information about products and services that may interest you.

 

AUDITING RELATING TO TRANSACTIONS, INTERNAL RESEARCH AND DEVELOPMENT

  • To provide for internal business administration and operations, including troubleshooting, website customisation, enhancement or development, testing, research, administration and operation of our websites and data analytics
  • To create products or services that may meet your needs
  • To measure performance of marketing initiatives, ads, and websites “powered by” another company on our behalf

 

SECURITY DETECTION, PROTECTION AND ENFORCEMENT; FUNCTIONALITY DEBUGGING, ERROR REPAIR

  • As part of our efforts to keep our property and websites safe and secure
  • To ensure the security of your account and our business, preventing or detecting fraud, malicious activity or abuses of our websites, for example, by requesting verification information in order to reset your account password (if applicable)
  • To ensure the physical security of our premises through the monitoring of surveillance images
  • To resolve disputes, to protect the rights, safety and interests ourselves, our users or others, and to comply with our legal obligations

QUALITY CONTROL

  • To monitor quality control and ensure compliance with our legal obligations, codes and ordinances, policies and procedures
  • To develop and improve our products and services, for example, by reviewing visits to the websites and various subpages, demand for specific products and services and user comments

 

3.2 Notice of financial incentive for loyalty programme members

We offer our customers the opportunity to participate in our loyalty programme, which provides benefits, including discounts on meals, goods or hotel services, as well as the opportunity to earn points which can be used to redeem goods or services. Those benefits are described along with other important information in the Terms and Conditions . A full list of our participating venues, along with the benefits they provide, can be found here .

In order to offer the our loyalty program to our members, we collect and process member’s personal information as described above in section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms.

We estimate the value of a member’s personal information to us, solely for purposes of the California Consumer Privacy Act (CCPA) and pursuant to the valuation criteria specified by the CCPA Regulations, to be on average approximately $0.39 per consumer in 2024. This estimate is not specific to any individual consumer and varies per consumer. We have based this good-faith estimate on the value that arises from our commercial relationships and the collection and retention of the personal information of consumers who have voluntarily signed up and chosen to remain in the loyalty programme. The value of programme benefits to members varies significantly as individual members take advantage of programme benefits to varying degrees.

To join our loyalty programme, you may sign up on the loyalty programme website or mobile App (including the WeChat mini program), the Guest Registration Card, our booking system, or (if you have been part of a pre-existing loyalty programme) register on our Legacy Enrolment page. Programme members can withdraw from the programme at any time via email to enquiry@brilliantbylangham.com , as well as through prescribed forms on our websites . You may also have the right to request that we delete personal information that we collect about you, as well as other rights as described in this Privacy Policy. As the personal information we collect from loyalty programme members is necessary for us to provide the programme, exercising your right to request that we delete your personal information may prohibit us from being able to continue to offer your membership in the programme.

 

3.3 SELLING INFORMATION

We do “share” the below categories of personal information relating to California residents for cross-context behavioural advertising purposes. This means that we may share your personal information with our business partners in order to target advertising based on personal information obtained from your activity across businesses, distinctly‐branded websites, applications, or services, other than our websites and services with which you intentionally interact. We may also transfer your information to other third party services that provide us with data analysis and security services, which may fall under the definition of “other valuable consideration” and may be considered a “sale” under the CCPA. We do not otherwise “sell” your personal information, as defined under California law. During the past 12 months we disclosed the below categories of personal information with third parties for a business purpose which may fall within the definition of a “sale”.

You have the right to opt out of this sharing. If you are a California resident over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here . We do not sell personal information of individuals we actually know are less than 16 years of age. If you request that we not sell your information we will honour your request within 15 days, will notify those who received your information in the 90 days before your request to not further sell your information and will notify you when this has been completed. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorise personal information sales.

VISIT OUR DO-NOT-SELL WEB PAGE

OR call our toll-free number at (+1) 833-906-2154

 

Category of information we “share” or “sell”Third Parties With Whom We Share This Information

Personal identifiers (identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers)

 

service providers (such as marketing partners) affiliated companies
 Commercial information (transaction history, products/services purchased, obtained or considered, product preference)service providers (such as marketing partners) affiliated companies 
Electronic network activity (browsing or search history, website interactions, advertisement interactions)service providers (such as marketing partners) affiliated companies
Geolocation (geo-targeting for digital and social media ads)service providers (such as marketing partners) affiliated companies

 

 
3.4 YOUR CALIFORNIA PRIVACY RIGHTS

As a California resident, you may be entitled to all or some of the rights described below regarding your personal information, subject to certain conditions and limitations. Only those rights relevant to you will apply, and our inclusion of information about privacy laws does not imply that all privacy laws are applicable.

  • Right to Know – You may be entitled to request that we disclose to you personal information we have collected about you, the categories of sources from which we collected the information, the purposes of collecting the information, the categories of third parties to whom we have disclosed the information, the categories of personal information that we have disclosed to third parties for a business purpose, the categories of information sold, and the categories of third parties information is sold to. In some instances, you may have the right to receive the information about you in a portable and readily usable format. Before providing any of this information, we must be able to verify your identity.
  • Right to Opt-Out – You have the right to opt-out of information sharing that constitutes “sharing” personal information under California law.
  • Right to Deletion – Subject to certain conditions, you may be entitled to request that we delete personal information about you. Before deleting personal information, we must be able to verify your identity. We will not delete personal information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law.
  • Right to Correction – You may be entitled to request that we correct inaccurate personal information. Before collecting personal information, we must be able to verify your identity. We will not correct personal information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information as-is by law.

 

Data solely retained for data backup purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.

We will not discriminate against you as a result of your exercise of any of these rights.

HOW TO EXERCISE YOUR RIGHTS

In order to make a request for disclosure California residents may contact us by calling us toll-free at (+1) 833-906-2154 or by visiting our CCPA request page here . We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavor to respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days.

We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you. In order to verify your identity, you will need to submit information about yourself, including your name, contact information, and, to the extent applicable, providing your account login credentials. We will match this information against information we have previously collected about you or provided to you to verify your identity and your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests, you will be required to submit a verifiable request for deletion and then confirm separately that you want personal information about you deleted. Information collected for purposes of verifying your request will only be used for verification.

You may make a request for disclosure of the information we collected about you, or our sharing practices in respect of that data up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you we will notify any service providers we have engaged to delete your information as well.

Please note that under applicable privacy law, we are only obligated to respond to personal information requests from the same consumer up to two times in a 12-month period. In addition, under applicable privacy law, and for the protection of your personal information, we may be limited in what personal information we can disclose.

California law also permits you to request in writing a list of the types of personal information that we have disclosed to a third party for their direct marketing purposes during the preceding year and to whom that information was disclosed.

 

VISIT OUR CCPA REQUEST PAGE OR

call our toll-free number at (+1) 833-906-2154

 

USING AN AUTHORIZED AGENT

You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorised agent only if (1) you provide the authorized agent with written permission to make a request and (2) you verify your own identity directly with us. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

 

4. NOTICE TO MAINLAND CHINA RESIDENTS

4.1 HOW DO WE COLLECT AND USE YOUR PERSONAL INFORMATION?

This Notice applies to you if you are located in Mainland China.

Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited process your personal information for the purposes set out in this Notice and are the controllers of all customer personal information. More specifically, Brilliant Loyalty Program Limited (an affiliate of Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited) operates the loyalty programme and is the controller of the personal information of loyalty programme members.

In this Notice, “personal information” means any type of information (recorded via electronic means or otherwise) associated with an identified or identifiable natural person, but excluding any anonymised information. “Sensitive personal information” means personal information which, if leaked or used illegally, may easily cause harm to the dignity of natural persons, or cause harm to personal or property safety, including biometric information, religious beliefs, specific identity information, health and medical information, financial account information, individual location tracking information and personal information of minors under the age of fourteen (14).

In general, we may collect and process your personal information in the following scenarios:

  • When you browse and interact with our website and/or use any mobile apps that we may make available, we may collect your account or membership details, social media details, profile, password details and other information relating to your use and interaction with our website/mobile apps. If you sign up for newsletter subscription or make brochure requests, we may collect your name and email address to provide you the newsletter or brochure.
  • When you make a booking on our online reservation systems or other channels, we may collect your name, identification document information (including passport, identity card, driver’s licence or other official government documentation), contact details (such as addresses, emails and telephone numbers), loyalty programme membership number, payment details (such as bank information or credit card information), or such information of the guests for whom you make the reservation to complete your reservations and send the reservation confirmation to you or the guests.
  • When you purchase our goods or services, we may collect your name, contact details (such as addresses, emails and telephone numbers), loyalty programme membership number, payment details (such as bank information or credit card information) and other information relevant to us supplying you the goods and services.
  • When you stay as a guest or visit the hotels, restaurants, spa or facilities managed by us, we may collect your name, identification document information (including passport, identity card, driver’s licence or other official government documentation), contact details (such as addresses, emails and telephone numbers), loyalty programme membership number, payment details (such as bank information or credit card information), your guest stay information and lifestyle information (such as hotels where you will or have stayed, arrival and departure date, room preferences, leisure activities, names and age of children, observation of your services preference), your review and feedback on our property and/or services, other information necessary to fulfil special requests, and other information relevant to supply you the services and keep proper records of your transactions with us. We may also collect information from our security systems such as from our closed circuit television system, card key, internet login and firewalls to maintain your safety and security as well as that of other guests and personnel (such as to make proper identification and verification in processing of transaction, implement security surveillance and access controls when you visit or stay at our hotels, and administer general record keeping).
  • When you submit enquiries to us or provide us with your feedback, we may collect your name, contact details, loyalty programme membership number and the other information submitted by you (such as feedback or content you provide regarding your interests and preferences) to handle your enquiries and feedbacks.
  • When you participate in our promotional offers, competitions or surveys, we may collect your  name, contact details (such as addresses, emails and telephone numbers), loyalty programme membership number, social media information, and other information submitted by you for us to process your interaction and/or transaction with us.

 

In addition to the purposes listed above, we may process your personal information for the following purposes:

  • Fulfilling a request for information;
  • Customising our services to your preferences;
  • Earning and redeeming rewards;
  • Sending you information and updates on our products and services and other products and services that we think may be of interests to you, including latest promotions, competitions, joint- and cross promotions with our business partners;
  • Sending you important information regarding our website, changes to our terms, conditions and policies;
  • Performing market research, analytics and/or profiling;
  • Developing new products and services;
  • Improving your hotel experience, our various types of communications, advertising campaigns, and promotional activities;
  • Improving the effectiveness of our website; and
  • Meeting applicable legal and regulatory requirements.

We will obtain your consent for the processing of your personal information as required by applicable laws and regulations. If there is any change to the types of personal information processed, the purposes for which such information is processed or the means of processing, we will obtain your consent for such change if required by applicable law. Please note, we shall not be required to obtain your consent to process your personal information if any of the following situations apply:

  • where the processing of personal information is necessary for the conclusion or performance of a contract to which you are a contracting party, or where it is necessary to carry out human resources management according to lawfully formulated labour rules and lawfully concluded collective contracts;
  • where it is necessary to perform a statutory responsibility or obligation;
  • if it is necessary to respond to a public health emergency, or to protect the life, health or property safety of an individual in case of an emergency;
  • where personal information is processed within a reasonable scope to carry out news reporting, public opinion supervision or any other activity for public interest purposes;
  • where the processing relates to personal information published by you or otherwise already lawfully disclosed, within a reasonable scope in accordance with applicable laws; or
  • if the processing of personal information is directly related to:
    • national security and national defence;
    • public safety, public health and major public interest; or
    • criminal investigations, criminal prosecutions, adjudication or enforcement of judgments; and/or
    • ensuring the safe and stable provision of our product or services, and the processing is necessary.

We may also indirectly receive your personal information from third party organisations, such as the various partners with whom we work, where you have provided your consent for such information to be shared with us or where we have a legal basis to use the personal information in order to provide you with our products and services. You may contact us for more information about the source of your personal information.

 
4.2 IF YOU ARE A MEMBER OF THE LOYALTY PROGRAMME, HOW DO WE PROCESS YOUR PERSONAL INFORMATION?

If you join the loyalty programme, we may process (including collect, store, use, edit, transfer, provide, publish or delete) your personal information in accordance with section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms.

Your indication of consent to the Privacy Policy shall not entitle us to collect and process all personal information for the loyalty programme. We shall only collect and process those personal information which are necessary to perform and carry out the relevant business functions or purposes.

Please refer to the section 5.1 “COOKIES” in the General Terms of the Privacy Policy on how we may use cookies to enhance your experience on the loyalty programme website. We use cookies to understand site usage and to improve the content and offerings on our sites. For example, we may use cookies to personalise your experience at our web pages (such as to recognise you by name when you return to our site), save your username in password-protected areas, and to offer you products, programs, or services.  For further details, please refer to our Cookies Policy . You may refuse to accept the cookies in accordance with our Cookies Policy, but if you do, certain functionality may become unavailable.

We may market products or services or deliver messages to you based on your preferences, interests and other personal characteristics. These messages may be marketed or delivered to you by way of letter, email, short message service, through social media platforms and/or push notifications within the loyalty programme website or mobile App. If you do not wish us to target our marketing based on your personal characteristics or if you wish to opt out from direct marketing, please contact us using the contact details provided in section 6 “HOW TO CONTACT US” in the General Terms. If you are using the mobile App, you may also turn off the permission for access to notifications in your device settings or the settings in the mobile App. After the access is disabled, you will not be able to receive push notifications from the mobile App.

 
4.3 Minors’ personal data

The loyalty programme (now the Brilliant Loyalty Programme) enrols members who are eighteen (18) years old or above. Except where required by local laws, we do not knowingly collect personal information for the loyalty programme from any minors. If you are below the age of eighteen (18), please do not use the Brilliant website or mobile App. As a parent or legal guardian, please do not allow your minors under the age of eighteen (18) to submit personal information for the loyalty programme without your permission.

 

4.4 HOW DO WE SHARE AND ENTRUST THE PROCESSING OF YOUR PERSONAL INFORMATION?

Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties, and thus our Group entities, hotels and residences managed and operated by us, and other third parties (such as market research firms, agents, advisors, consultants, other third party suppliers and/or services providers to assist us to operate effectively and provide you with the best experiences with our services) may process your personal information on our behalf. When we outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we require those third parties to protect your personal information with appropriate security measures.

When we share your personal information with any third parties, we will strive to ensure (including but not limited to using contractual measures or adopt encryption for transfer to ensure) that such third parties comply with this Privacy Policy and other appropriate confidentiality and security measures that we require them to comply with when using your personal information, except for the personal information you provide directly to the third parties through the use of their services. Where we are jointly processing your personal information with a third party personal information controller, we shall ensure that our responsibilities in processing your personal information are clearly and distinctively defined.

Where necessary for the relevant purposes identified above in “HOW DO WE COLLECT AND USE YOUR PERSONAL INFORMATION?” and sections 1.4 “HOW WE PROCESS AND USE YOUR INFORMATION” and 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms, we may transfer or disclose your personal information (including sensitive personal information) to third parties located outside Mainland China with your separate consent. We may not be able to provide certain services to you if we do not carry out such transfer. We have adopted contractual and security measures to protect your relevant rights and interests in relation to the transfer. In particular, where required by law, we will enter into a data transfer agreement with such third parties.

Your personal information may be disclosed to the parties listed in section 1.9 “INFORMATION SHARING” above for the corresponding purposes. Here you may see the details of third party personal information recipients that are processing of your personal information or are based outside Mainland China, such as their identity, contact information, retention period, location, the processing activities undertaken by them (including types of personal information being processed, and the purposes and means of processing), their responsibilities in relation to processing of your personal information, (where applicable) the legal bases for such transfers to outside of Mainland China and how you may exercise your personal information privacy rights against them. Our contact details are set out in section 6 “HOW TO CONTACT US” in the General Terms of this Privacy Policy.

 
4.5 WHERE WE STORE YOUR PERSONAL INFORMATION

We will store your personal information in local databases in Mainland China and/or databases elsewhere in compliance with applicable data protection laws and regulations. Our corporate office is based in Hong Kong and as we do business globally, for the purposes specified in this Privacy Policy, we may transfer your personal information to other countries or regions in accordance with the applicable data protection laws and regulations. For details about such cross-border transfer of your personal information, please see section 1.8 “INFORMATION TRANSFER OVERSEAS” in the General Terms.

 

4.6 HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We will keep your personal information in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, unless we have a lawful ground for holding it for longer. Please refer to section 1.6 “HOW LONG WE KEEP YOUR PERSONAL INFORMATION” in the General Terms for further details.

 
4.7 HOW WE KEEP OUR PERSONAL INFORMATION SECURE

In order to ensure the correct use and to maintain the accuracy of personal information collected from you, as well as preventing unauthorised or accidental access, disclosure, alteration, loss or other use of personal information, we have implemented various internal management policies (including physical, electronic and management measures) and various security technologies and procedures based on the classification of personal information we collect from you. For example:

  • your personal information will only be accessed by our personnel on a “need-to-know” basis;
  • we ensure that our personnel are regularly trained on data protection matters;
  • where required by applicable data protection laws and regulations, we will encrypt and/or de-identify your personal information;
  • to mitigate any potential risks of unauthorised processing of your personal information, we maintain a security incident response plan; and
  • where required by applicable data protection laws and regulations, we will also seek to inform you and the relevant authorities of any incidents concerning the personal information we process on your behalf.

Please note, the network environment is not 100% secure. However, we will use our best endeavours to ensure security of your personal information, and assume any legal liabilities in relation to data security in accordance with applicable laws and regulations.

 

4.8 YOUR RIGHTS

You are conferred by the applicable data protection laws with the following personal information subject rights.

  • Right of access. You are entitled to a copy of the personal information we hold about you and to learn details about how we process it. We may require you to prove your identity before providing the requested information.
  • Right to rectification. We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate personal information that we process about you is amended or supplemented.
  • Right to deletion. You have the right to ask us to delete your personal information, for example where the personal information we collected is no longer necessary for the original purpose, where the personal information has become obsolete or where you withdraw your consent (if we are processing your personal information based on your consent). However, this will need to be balanced against other factors. For example, we may not be able to comply with your request due to certain legal or regulatory obligations.
  • Right to restriction of processing. You are entitled to ask us to stop using your personal information. • Right to data portability. You have the right to ask us to transfer your personal information that you have provided to us to a third party of your choice. This right can only be exercised in certain circumstances as provided by Chinese laws. • Rights relating to automated decision-making. Where automated decision-making is involved in processing your personal information, you have the right not to be subjected to decisions made merely through automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. If you believe you have been subject to an automated decision which has a material impact on your personal interest, you can contact us and ask us to explain the decision, and you also have the right to refuse the decisions made only through automated decision-making methods.
  • Right to withdraw consent. We may ask for your consent to process your personal information in specific cases. When we do this, you have the right to withdraw your consent at any time. We will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn.
  • Right to delete or deregister your loyalty programme account. You can delete or deregister your loyalty programme account by contacting us using the contact details provided in section 6 “HOW TO CONTACT US” in the General Terms, and we will respond to your request within the timeframe required by law. After deletion or de-registration of your loyalty programme account, we will stop providing you with any product and service and delete or anonymise your personal information according to our data retention policy and applicable laws and regulations.

We will respond to your requests of exercising your personal information subject rights in accordance with the applicable data protection laws. To the extent as permitted by laws and regulations, we may not be able to respond to your request of exercising your rights in the following circumstances:

  • if your request is contrary to our obligations under laws and regulations;
  • if the requested data is directly related to national security or national defense security;
  • if the requested data is directly related to public safety, public health, or significant public interest;
  • if the requested data is directly related to criminal investigations, prosecutions, trials and enforcement of judgments, etc.;
  • if we have sufficient evidence of your subjective malice or abuse of rights;
  • if it is in the interest of safeguarding your or other individuals' significant legitimate rights and interests, such as life and property, but it is difficult to obtain your authorization or consent;
  • if responding to your request to exercise your rights would result in serious harm to your or other individuals' or organisations' legitimate interests; or
  • if the requested data involves trade secrets.

To the extent permitted by relevant laws and regulations, we reserve the right to (i) refuse unreasonable requests (for example, requests which infringe the privacy of others); and (ii) charge a reasonable fee for the cost of processing any request set out above.

If you want to exercise any of the above rights or if you have any questions, complaints, concerns or requests regarding this Privacy Policy or our personal information processing practices, you can contact us using the contact details provided in section 6 “HOW TO CONTACT US” in the General Terms. If you are not satisfied with our reply, especially if you consider our processing of your personal information infringes your legal rights and interests, you can lodge a complaint or claim with your local cyber administration departments or courts in accordance with the law.

 

4.9 UPDATES TO THIS NOTICE

This Notice to Mainland China Residents is effective from 26 February 2024  (the previous version of this Notice is available here ). From time to time, we may have to update, change, modify or amend this Privacy Policy (including this Notice to Mainland China Residents). Where required under applicable laws and regulations, we may seek your consent for such updates. If you do not provide your consent, we may be unable to continue to provide our services to you. You may check the most updated Privacy Policy and this Notice to Mainland China Residents on our website and in the mobile App.

 

 

 

 

 

 

 

 
5. OTHER RELEVANT INFORMATION
 
5.1 COOKIES

To enhance your experience on our website, some of our web pages may use “cookies.” Cookies are text files that we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering for one of our services. However, once you choose to furnish the site with your personal information, this information may be linked to the data stored in the cookie. We use cookies to understand site usage and to improve the content and offerings on our sites. For example, we may use cookies to personalise your experience at our web pages (such as to recognise you by name when you return to our site), save your username and/or password in password-protected areas, and to offer you products, programs, or services. We may allow select third parties to collect information about our site visitors’ online activities over time and across other websites. We do not control the third parties’ use of such information. Please refer to our Cookies Policy.

 

5.2 DO NOT TRACK

We currently do not recognise do not track signals from your web browser. As technology develops, we may add this feature to our sites.

 

5.3 LINKS TO OTHER WEBSITES

For your convenience and information, we provide links to external third-party websites, including web sites owned or controlled by independent franchisees, third party owners of hotel, resort, interval ownership, or residence properties that may use our brand name(s), or web sites not controlled or authorised by us. The linking of external third-party websites to this website does not indicate any association with or endorsement from us. We cannot always ensure, and are not responsible or liable for, any content of these external third-party websites, including, but not limited to, any advertising claims or marketing practices. Please note this Privacy Policy is limited to our own information collection practices. We strongly recommend that you read the separate privacy and security policies and the information collection practices of any external third-party website before providing any personal information while accessing those websites.

 

 
6. HOW TO CONTACT US

For any questions, concerns or requests regarding this Privacy Policy or our information collection practices, please contact us via email to dataprotection@langhamhotels.com or by post at 27/F, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong.

 

7. ABOUT THIS PRIVACY POLICY

This Privacy Policy is in accordance with the relevant laws of the Hong Kong Special Administrative Region but may be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.

This Privacy Policy is effective from 29 February 2024 . From time to time, we may have to update, change, modify or amend this Privacy Policy. Subject to any applicable legal requirements to provide additional notice, when we make material changes to this Privacy Policy, we will provide you with notice as appropriate under the circumstances such as through our website or by sending you an email.

This Privacy Policy is written in the English language and may be translated into other languages.  In the event of any inconsistency between the English version and the translated version of this Privacy Statement, the English version shall prevail.

 

Legal Disclaimer

In addition to our rights of disclosure as mentioned hereinabove, we may also disclose your personal information when required by law or court order, or as requested by other government or law enforcement authorities, or in the good faith that disclosure is otherwise necessary or advisable including and without limitation to protect the rights or properties of our Group. This also applies when, in compliance with applicable laws, we have reason to believe that disclosing the personal information is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

Contents

The information and material contained in this site are for general references only. Our Group disclaims any warranty or representation of any kind, express or implied, as to any matter whatsoever relating to this site or any linked site. To the fullest extent allowed by law, our Group shall accept no responsibility or liability in respect of any loss or damage howsoever arising. Use of or visit this site does not constitute any binding contract over any goods and services provided by our Group, nor does it constitute an offer of any goods and services provided by our Group. Goods and services may only be available in certain countries and any offer to purchase goods or to retain services from our Group are subject to acceptance by our Group and in accordance with specific terms and conditions on which they are offered.

Copyright and Trademark Notices

All contents of this website are: ©2011-2024 Langham Hotels International Limited. 2701, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong. All rights reserved. This website may contain or reference trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes or other intellectual property or proprietary rights of Langham Hotels International Limited and/or our Group. No license to or right in any such trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes and other intellectual property or proprietary rights is granted to or conferred upon you.