We respect the privacy of all our customers and business partners, and treat personal information provided by you to us as confidential. “We”, “us”, “ourselves” and “our Group” refers to Langham Hotels International Limited and its affiliates directly involved in the group’s management and operations of properties around the world, including hotels, residences, outlets, local management entities and sales offices in the following jurisdictions: Australia, Canada, European Union, Hong Kong Special Administrative Region, Indonesia, Mainland China, Middle East, New Zealand, Singapore, Thailand, United Kingdom, and United States of America. In particular, Langham Hotels International Limited processes your personal information for the purposes set out in this Privacy Policy and is the controller of customer personal information; and Langham Hotels (Shanghai) Company Limited (an affiliate of Langham Hotels International Limited and Brilliant Loyalty Program Limited) is the regional Mainland China management entity and, together with Langham Hotels International Limited, are the controllers of customer personal information as set out in section 4 “Notice to Mainland China Residents”; and Brilliant Loyalty Program Limited (an affiliate of Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited) operates the loyalty programme and is the controller of the personal information of loyalty programme members. Guest and members’ personal information will also be shared with other entities within the Group for the purpose of operating the loyalty programme and providing goods and services to its members in accordance with this Privacy Policy.
Please read this Privacy Policy (together with the country specific portions applicable to you) and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can manage it.
This Privacy Policy supplements and updates any other policies, notices or statements that we may have provided you, and is not intended to override them.
In order for us to operate effectively, we may collect information about you, whether as hotel guests, loyalty programme members, website visitors or contact for any other purposes, where personal information is provided to us that can identify you as an individual.
Your personal information can come to us via various channels, including but not limited to:
Personal information provided directly by you
Data we collect when you use our Websites and Apps
Information we receive from third parties or public sources
We may collect, use, store and transfer different kinds of personal information about you depending on our relationship with you and where you are located, this information may include:
Identity details: such as your name, gender, age, date of birth, nationality, and identification document information (including passport, identity card, driver’s licence or other official government documentation)
Contact Details: personal and work contact details (addresses, emails and telephone numbers)
Payment and credit card information: such as bank accounts, name of cardholder, credit card number, credit card billing address and expiry date
Guest stay information and lifestyle information: such as hotels where you have stayed, arrival and departure dates and times, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests, your goods and/or services purchase information (including delivery address in case of purchasing goods), history and/or language preference. Information, feedback or content you provide regarding your interests and preferences
Profile Information: includes loyalty programme member information (including membership number and membership tier), online account details, profile or password details
Technical Information: includes information from our security systems such as from our closed-circuit television system, card key, internet login and firewalls
Usage data: includes information about how you use and interact with our website and mobile Apps and the services you use (such as IP address and web browsing information), your fingerprint or facial verification results if you use fingerprint or facial information to unlock or sign in the mobile App or use functions such as payment verification, as well as your location data if you permit us to access it on the website or mobile App
Sensitive Personal Information: some of the personal information which you provide to us may be considered “sensitive personal information” under the privacy and data protection laws in specific jurisdictions – such as personal information from which we can determine or infer an individual’s racial or ethnic origin, health or biometric data. We only process sensitive personal information to the extent permitted or required by applicable law
Please note that, in respect of minor’s personal information, except where required by local laws, we do not knowingly collect personal information from our websites from any children or minors. As a parent or legal guardian, please do not allow your children or minors to submit personal information without your permission.
We may collect, process and/or use the personal information which we collect in order to:
We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate lawful basis to do so.
If you join the loyalty programme, we may process (including collect, store, use, edit, transfer, provide, publish or delete) your personal information (including information deemed sensitive personal information in Mainland China highlighted in bold) for operating the basic business functions of the loyalty programme, its website and mobile App. Unless otherwise stated, the personal information we process is necessary for the relevant business functions and processing purposes. If you refuse to provide the relevant personal information for our processing, we may not be able to operate the relevant business function and provide those services to you.
You need to carefully consider whether your sensitive personal information should be disclosed to us. It is necessary for you to provide us with such sensitive personal information, so that we can provide certain services to you. (If you are based in certain jurisdictions, including Mainland China, and if you do not provide us with your separate consent to process your sensitive personal information, we may not be able to provide certain services to you).
If you are based in the UK/EU then the applicable lawful bases for processing of your personal data in connection with each of the purposes below is set out in the final column.
Processing Purposes and Means | Personal Information Processed | UK/EU Lawful Basis | |
---|---|---|---|
1. | For administering your loyalty programme membership (including membership registration and managing your membership tiers) | Name, date of birth, loyalty programme membership number, membership tier, contact details (residential addresses, work address, emails and telephone numbers), loyalty programme account log in credentials, your guest stay information and lifestyle information, your goods and/or services purchase information/history, language preference | To perform a contract with you |
2. | For earning loyalty points | Name, loyalty programme membership number, membership tier, your goods and/or services purchase information/history | To perform a contract with you |
3. | For spending loyalty points to redeem goods and/or services | For spending points: your name, loyalty programme membership number, membership tier For redeeming goods and/or services by points: name of the recipient of goods and/or services, contact details (emails and telephone numbers), (in the case of purchasing goods) delivery address, goods and/or services redemption details, airline loyalty programme membership number | To perform a contract with you |
4. | For spending loyalty points to book hotel services | For spending points: your name, loyalty programme membership number, membership tier For booking hotel services on our website: your name, name of hotel, contact details (emails and telephone numbers), hotel check in and check out time | To perform a contract with you |
5. | For facilitating payment for hotel services on our system | Name, loyalty programme membership number, membership tier, payment information | To perform a contract with you |
6. | For providing customer support services (e.g. administrative communications about your loyalty programme membership) | Name, loyalty programme membership number, contact details (residential addresses, work addresses, emails and telephone numbers), your guest stay information, your goods and/or services purchase or redemption information/history | Legitimate interests (for running our business) |
7. | For fraud prevention and investigating any potential violation of applicable laws | Name, date of birth, nationality, identification document information (including passport, identity card, driver’s licence or other official government documentation), loyalty programme membership number, personal and work contact details (residential addresses, work addresses, emails and telephone numbers), IP address | Legal obligations (to comply with lawful request(s) from regulatory, government or judicial body, process information from accident reports, require processing of health and/or safety records) |
8. | For undertaking identity check and investigating any potential violation of our Group’s policies | Name, date of birth, nationality, identification document information (including passport, HKID, driver’s licence or other official government documentation), loyalty programme membership number, personal and work contact details (residential addresses, work addresses, emails and telephone numbers), IP address | Legitimate interests (for running our business, ensuring compliance with Group policies) |
9. | For resolving any issues with the loyalty programme website or mobile App and/or improving user experience of the website or mobile App | loyalty programme membership number, membership tier, IP address and web browsing information | Legitimate interests (for running our business, ensuring compliance with Group policies) |
Business functions aimed at improving our products / services
When necessary, we will collect your personal information for the purposes of improving our service quality, including providing you with better-performing services and personalised content, functions and recommendations, etc. If you refuse to provide the relevant personal information for our processing, we may not be able to provide certain services to you, but it will not affect your use of the basic business functions and other extended business functions.
Your personal information may be processed as follows:
Processing Purposes and Means | Personal Information Processed | UK/EU Lawful Basis | |
---|---|---|---|
1. | For designing personalised content on the loyalty programme website or mobile App | Name, date of birth, loyalty programme membership number, membership tier, contact details (residential addresses, work addresses, emails and telephone numbers), your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history, (for website only) IP address and web browsing information | Legitimate interests (to keep the website and mobile App updated and relevant to you, to grow our business) Consent (to the extent we use cookies or similar technologies for this purpose) |
2. | For marketing goods and/or services of our Group or our business partners | Name, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history, IP address and web browsing information | Consent (to the extent you have provided the consent for the purpose of our marketing) Legitimate interests (to grow our business and provide you with information about similar products and services which may be of interest to you) |
3. | For conducting data analytics, profiling, information management and database administration for the purpose of the operation of the loyalty programme website or mobile App | Name, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history and partially redacted IP address and web browsing information | Legitimate interests (to inform our strategy and to study how our customers use our services) Consent (to the extent we use cookies or similar technologies for this purpose) |
4. | For conducting market research, for statistical, data analytics, actuarial research or other purposes | Name, age, loyalty programme membership number, membership tier, your guest stay information and lifestyle information, your goods and/or service purchase or redemption information/history | Legitimate interests (to inform our marketing strategy and grow our business) |
Other extended business functions and system permissions
To provide you with a greater user experience on the loyalty programme website or mobile App, we may also process your personal information for other extended business functions. If you do not provide your personal information for an extended business function, you will not be able to use the corresponding services, but it will not affect your use of the basic business functions. You could choose to provide your personal information to us and select to use the extended business functions at your preference.
If you are using the mobile App, we will ask for your consent to our processing of your personal information for each of the following purposes and business functions in this paragraph. You can withdraw your consent to each of the following at any time by disabling our access rights in your device settings or mobile App settings:
Separately, the mobile App offers the function to chat within the mobile App with our personnel in the form of text messaging. Please note, any personal information provided by you in such conversations with our hotel staff will be treated as being provided to us for use in providing our customer support services, and such personal information will be processed in accordance with this Privacy Policy.
We may access your device clipboard, but we will not collect the clipboard information.
We will keep your personal information in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, unless we have a lawful ground for holding it for longer.
To determine the appropriate retention period for your personal information we consider the amount, nature and sensitivity of the information, the risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
For the purpose of the loyalty programme, unless required by applicable laws and regulations or with your consent, we will generally retain your personal information processed only for the loyalty programme for three (3) years after your membership account status becomes “dormant” (i.e. when there is no transaction involving your membership account for 24 consecutive months).
We will safely and securely delete, dispose of or anonymise personal information after the applicable retention period or when we no longer need it.
We endeavour to protect your personal information we maintain and have implemented reasonable technical, organisational and administrative measures to keep your personal information safe and secure and to protect it against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
When we outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we oblige those third parties to protect your personal information with appropriate security measures.
We do business globally. In order for us to operate effectively and provide you with the best experiences with our services, we may centralise certain aspects of our information processing activities and may have databases in different countries or regions (some of which are operated by our local group company and some of which are operated by third parties on our behalf). We may therefore have to share and transfer your personal information from one country or region to another, or even across multiple jurisdictions, such as:
Your personal information may therefore be subject to privacy laws that are different from those in the country or region where the personal information is collected or those in your country or region of residences. We will endeavour that the transfer of your personal information is carried out in accordance with applicable privacy laws and that appropriate technical, organisational and administrative measures are in place for its safeguard. For information on international transfers from the EU or UK, please also see section 2.7.
Insofar as reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Policy, we may share your personal information with the below parties. The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.
We are always looking to continuously develop and expand our business. Accordingly, an entity of our Group may engage in mergers, acquisitions, dissolution, liquidation, transfer of assets or similar transactions, and in such cases, (i) we shall inform you of information that is required under applicable data protection laws; and (ii) your personal information may be transferred to any actual assignee or purchaser of all or any part of our (and/or our affiliates’) business and/or assets; and our service providers in these situations. In this case, we will ask the new company or organisation holding your personal information to continue to process your personal information in accordance with this Privacy Policy. If the new company or organisation needs to use your personal information for purposes not stated in this Privacy Policy, they will obtain your consent where required to do so in accordance with the applicable laws and regulations.
You may always choose what personal information (if any) you wish to provide to us. Please note, however, some of our products and services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.
If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. You can always choose whether or not to receive any or all of these communications by contacting us as described in section 6 below. In addition to your agreeing to this Privacy Policy, we may also ask you to give us a separate consent before we send you with promotional information or to indicate how you would like to receive any communication (e.g. via email or regular mail). After you have indicated your preferences, you can always change them.
European Union (EU) or United Kingdom (UK) data protection law applies to the processing of information of residents of the European Union and United Kingdom.
We are the Controller and responsible for your Personal information under this Privacy Policy. This means we decide why we collect your data, how we collect it, what data is collected, how this data is going to be used and how this data is protected. Please refer to section 1.1 for further details.
We have appointed GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, our privacy practices or how we handle your personal information please contact us in the first instance via email to dataprotection@langhamhotels.com or, alternatively, you can contact our DPO directly via email to dpoaas@grcilaw.com.
We have appointed IT Governance Europe Ltd to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please contact us in the first instance via email to dataprotection@langhamhotels.com or, alternatively, you can contact our EU Representative directly via email to eurep@itgovernance.eu (please ensure you include our company name, Langham Hotels International Limited in any correspondence you send to our representative).
The table below describes the ways we plan to use your Personal information, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
If you join the loyalty programme, we may also process your personal information in accordance with section 1.5 above.
LAWFUL BASIS TABLE
LAWFUL BASIS | PURPOSE EXAMPLES |
---|---|
Contractual We use your Personal information on the basis that it is necessary for us to fulfil a contract with you. | Onboarding When you register as a new client, or supplier and we interview and onboard you. Service delivery In order to be able to deliver our products and services to you Account administration Relationship management Communication To be able to contact you regarding updates or informative communications |
Legitimate interest Our legitimate business interests do not automatically override your interests – we will not use your Personal information for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law. | Managing our business Developing and improving our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities Cooperation with third parties Recommendations, communications and marketing Advertising Effectiveness Safety and security Service reviews Data analytics We use data analytics to improve our website, products/services, marketing, customer relationships and experiences. Rights and claims Data subject rights Including verifying your identity when you exercise your data subject rights. |
Legal obligations We may use your Personal information to comply with any laws or regulatory requirements applicable to us. An example might be to detect fraudulent or criminal activity, whereby we may share information with forces such as the police. | Legal requirement Criminal activity |
Consent We may have to get your consent to use your Personal information, such as when we collect and use Special Category Personal information about you or when we want to send you electronic marketing. Where we rely on your consent for processing, it can be withdrawn at any time. Please see the “Right to withdraw consent” paragraph of section 2.5 Data Subject Rights below for details of how to withdraw your consent. | Marketing To measure and analyse the effectiveness of the advertising we serve you. We may collect IP addresses and store Cookies on visitors’ devices. Sending third-party direct marketing communications to you via email, letters or phone calls. Special Category Personal informationExpress consent for collecting and processing sensitive data also known as special category personal information (such as biometric data or data concerning health). |
You have several rights under UK and EU data protection law. The rights available to you depend on our reason for processing your information and are set out in the below.
TABLE OF YOUR RIGHTS
YOUR RIGHT | DETAILS |
---|---|
Right to be informed | We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. |
Right of access | You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. |
Right to rectification | You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. |
Right to erasure | You have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the personal information for one of the following reasons:
|
Right to restriction of processing | You may ask us to stop processing your personal information. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
|
Right to data portability | This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated. |
Right to withdraw consent | You may ask us to stop processing your personal information. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
|
In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you. This may in certain circumstances be extended if your request is particularly complex or you have made a number of requests.
To exercise your rights or get more information about exercising them, please contact us using the contact details provided in “HOW TO CONTACT US”, giving us enough information to identify you.
Please refer to section 1.8 above for general details of transfers of personal information overseas.
Whenever we transfer your personal information out of the EU or the UK, we ensure that a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:
For further details on the mechanisms used by us when transferring your personal information out of the UK, please contact us via email to dataprotection@langhamhotels.com or by post at 27/F, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong.
Please refer to section 1.9 above for information on how we may share your personal information.
You can contact us for the relevant information regarding the third party personal information recipients that are processing of your personal information or are based outside of the EU or UK, such as their identity, contact information, retention period, location, the processing activities undertaken by them (including types of personal information being processed, and the purposes and means of processing), their responsibilities in relation to processing of your personal information, (where applicable) the legal bases for such transfers to outside of the EU or UK and how you may exercise your personal information privacy rights against them. Our contact details are set out in section 6 “HOW TO CONTACT US”.
We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first using the contact details provided in section 6 “HOW TO CONTACT US” and title your email “Complaint”. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.
You have the right to lodge a complaint with a supervisory authority in the EEA member state where you work or normally live, or where any alleged infringement of data privacy legislation occurred. A list of these and their contact details can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
The supervisory authority in the UK is the ICO, which may be contacted at https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.
United States (US) federal and state privacy laws apply to the processing of information of residents of the United States. This section is meant to provide supplemental or specific information for residents of California and certain other US states. We encourage you to read the full policy for a complete picture of our privacy practices.
For purposes of the California Consumer Privacy Act (CCPA) personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.
If you join the loyalty programme, we may also process your personal information in accordance with section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms. See also section 3.2 of this Notice below for our Notice of Financial Incentive for members of our loyalty programme.
Category of information collected | Source | Business purposes* for use | Categories of third parties receiving information |
---|---|---|---|
Identifiers (name, alias, date of birth, postal address, email address, phone number, fax number, account name, unique personal identifier, IP address) And Information About You. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information, or medical information,. | Individuals submitting information to us Information we may receive from third-party marketing and data partners (e.g., for making bookings and reservations) | auditing relating to transactions security detection, protection and enforcement; ad customization performing services for you including operating our loyalty programme internal research and development quality control | service providers (such as payment processors, mail houses, marketing partners, shipping partners) affiliated companies government regulators and law enforcement (when lawfully requested) |
Protected classification information (gender, ethnicity, religion, disability) | individuals submitting information | performing services for you to accommodate any special needs | service providers affiliated companies government regulators and law enforcement (when lawfully requested) |
Commercial information (transaction history, products/services purchased, obtained or considered, product preference) | individuals submitting information information we automatically collect from website visitors information we may receive from third-party marketing or data partners information we collect for security purposes | auditing relating to transactions security detection, protection and enforcement ad customization performing services to you including operating our loyalty programme internal research and development quality control | service providers (such as payment processors, mail houses, marketing partners, shipping partners) affiliated companies government regulators and law enforcement (when lawfully requested) |
Electronic network activity (browsing or search history, website interactions, advertisement interactions) | information automatically collected from website visitors | functionality debugging/error repair ad customization internal research and development quality control | service providers (such as marketing partners) affiliated companies government regulators and law enforcement (when lawfully requested) |
Audio, video or similar information (customer service calls, security monitoring) Geolocation (geo-targeting for digital and social media ads) | individuals submitting information information we automatically collect from website visitors information we may receive from third-party marketing or data partners information we collect for security purposes | auditing relating to transactions security detection, protection and enforcement performing services for you internal research and development quality control ad customization | service providers (such as payment processors) affiliated companies government regulators and law enforcement (when lawfully requested) service providers (such as marketing partners) |
Inference from the above (preferences, characteristics, behaviour, attitudes, abilities, etc.) | internal analytics | auditing relating to transactions security detection, protection and enforcement ad customization; performing services for you internal research and development quality control | service providers (such as payment processors, mail houses, marketing partners) affiliated companies |
We also collect the below categories of sensitive personal information as defined under California law.
We do not use or disclose your sensitive personal information for purposes other than those necessary to provide you with benefits and services, to aid in protecting and securing your personal information and our systems, to verify or maintain the quality or safety of our services and systems, or as otherwise permitted under regulations or required by law.
Category of sensitive information collected | Source | Business purposes* for use | Categories of third parties receiving information |
---|---|---|---|
Account log-in, password, or credentials allowing access to an account. | individuals submitting information (including employment applications) | auditing relating to transactions security detection, protection and enforcement performing services for you internal research and development quality control | service providers (such as payment processors, employee benefits partners) affiliated companies government regulators and law enforcement (when lawfully requested) |
Personal information collected and analyzed concerning a consumer’s health. | individuals submitting information | performing services for you to accommodate any special needs | service providers affiliated companies government regulators and law enforcement (when lawfully requested) |
Precise Geolocation | individuals via the mobile App | locate the hotels in proximity with guest location and sorting the offerings by these hotels. during the guest registration on the mobile App, pre-populate the location field and the country code based on the guest location | service providers |
*MORE SPECIFICALLY, THE BUSINESS PURPOSES INCLUDE:
PERFORMING SERVICES FOR YOU
ADVERTISING CUSTOMIZATION
For marketing and promotions we believe you may find of interest and to provide you, or allow selected third parties to provide you, with information about products and services that may interest you.
AUDITING RELATING TO TRANSACTIONS, INTERNAL RESEARCH AND DEVELOPMENT
SECURITY DETECTION, PROTECTION AND ENFORCEMENT; FUNCTIONALITY DEBUGGING, ERROR REPAIR
QUALITY CONTROL
We offer our customers the opportunity to participate in our loyalty programme, which provides benefits, including discounts on meals, goods or hotel services, as well as the opportunity to earn points which can be used to redeem goods or services. Those benefits are described along with other important information in the Terms and Conditions . A full list of our participating venues, along with the benefits they provide, can be found here .
In order to offer the our loyalty program to our members, we collect and process member’s personal information as described above in section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms.
We estimate the value of a member’s personal information to us, solely for purposes of the California Consumer Privacy Act (CCPA) and pursuant to the valuation criteria specified by the CCPA Regulations, to be on average approximately $0.39 per consumer in 2024. This estimate is not specific to any individual consumer and varies per consumer. We have based this good-faith estimate on the value that arises from our commercial relationships and the collection and retention of the personal information of consumers who have voluntarily signed up and chosen to remain in the loyalty programme. The value of programme benefits to members varies significantly as individual members take advantage of programme benefits to varying degrees.
To join our loyalty programme, you may sign up on the loyalty programme website or mobile App (including the WeChat mini program), the Guest Registration Card, our booking system, or (if you have been part of a pre-existing loyalty programme) register on our Legacy Enrolment page. Programme members can withdraw from the programme at any time via email to enquiry@brilliantbylangham.com , as well as through prescribed forms on our websites . You may also have the right to request that we delete personal information that we collect about you, as well as other rights as described in this Privacy Policy. As the personal information we collect from loyalty programme members is necessary for us to provide the programme, exercising your right to request that we delete your personal information may prohibit us from being able to continue to offer your membership in the programme.
We do “share” the below categories of personal information relating to California residents for cross-context behavioural advertising purposes. This means that we may share your personal information with our business partners in order to target advertising based on personal information obtained from your activity across businesses, distinctly‐branded websites, applications, or services, other than our websites and services with which you intentionally interact. We may also transfer your information to other third party services that provide us with data analysis and security services, which may fall under the definition of “other valuable consideration” and may be considered a “sale” under the CCPA. We do not otherwise “sell” your personal information, as defined under California law. During the past 12 months we disclosed the below categories of personal information with third parties for a business purpose which may fall within the definition of a “sale”.
You have the right to opt out of this sharing. If you are a California resident over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here . We do not sell personal information of individuals we actually know are less than 16 years of age. If you request that we not sell your information we will honour your request within 15 days, will notify those who received your information in the 90 days before your request to not further sell your information and will notify you when this has been completed. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorise personal information sales.
VISIT OUR DO-NOT-SELL WEB PAGE
OR call our toll-free number at (+1) 833-906-2154
Category of information we “share” or “sell” | Third Parties With Whom We Share This Information |
---|---|
Personal identifiers (identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers)
| service providers (such as marketing partners) affiliated companies |
Commercial information (transaction history, products/services purchased, obtained or considered, product preference) | service providers (such as marketing partners) affiliated companies |
Electronic network activity (browsing or search history, website interactions, advertisement interactions) | service providers (such as marketing partners) affiliated companies |
Geolocation (geo-targeting for digital and social media ads) | service providers (such as marketing partners) affiliated companies |
As a California resident, you may be entitled to all or some of the rights described below regarding your personal information, subject to certain conditions and limitations. Only those rights relevant to you will apply, and our inclusion of information about privacy laws does not imply that all privacy laws are applicable.
Data solely retained for data backup purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
We will not discriminate against you as a result of your exercise of any of these rights.
HOW TO EXERCISE YOUR RIGHTS
In order to make a request for disclosure California residents may contact us by calling us toll-free at (+1) 833-906-2154 or by visiting our CCPA request page here . We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavor to respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days.
We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you. In order to verify your identity, you will need to submit information about yourself, including your name, contact information, and, to the extent applicable, providing your account login credentials. We will match this information against information we have previously collected about you or provided to you to verify your identity and your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests, you will be required to submit a verifiable request for deletion and then confirm separately that you want personal information about you deleted. Information collected for purposes of verifying your request will only be used for verification.
You may make a request for disclosure of the information we collected about you, or our sharing practices in respect of that data up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you we will notify any service providers we have engaged to delete your information as well.
Please note that under applicable privacy law, we are only obligated to respond to personal information requests from the same consumer up to two times in a 12-month period. In addition, under applicable privacy law, and for the protection of your personal information, we may be limited in what personal information we can disclose.
California law also permits you to request in writing a list of the types of personal information that we have disclosed to a third party for their direct marketing purposes during the preceding year and to whom that information was disclosed.
VISIT OUR CCPA REQUEST PAGE OR
call our toll-free number at (+1) 833-906-2154
USING AN AUTHORIZED AGENT
You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorised agent only if (1) you provide the authorized agent with written permission to make a request and (2) you verify your own identity directly with us. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
This Notice applies to you if you are located in Mainland China.
Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited process your personal information for the purposes set out in this Notice and are the controllers of all customer personal information. More specifically, Brilliant Loyalty Program Limited (an affiliate of Langham Hotels (Shanghai) Company Limited and Langham Hotels International Limited) operates the loyalty programme and is the controller of the personal information of loyalty programme members.
In this Notice, “personal information” means any type of information (recorded via electronic means or otherwise) associated with an identified or identifiable natural person, but excluding any anonymised information. “Sensitive personal information” means personal information which, if leaked or used illegally, may easily cause harm to the dignity of natural persons, or cause harm to personal or property safety, including biometric information, religious beliefs, specific identity information, health and medical information, financial account information, individual location tracking information and personal information of minors under the age of fourteen (14).
In general, we may collect and process your personal information in the following scenarios:
In addition to the purposes listed above, we may process your personal information for the following purposes:
We will obtain your consent for the processing of your personal information as required by applicable laws and regulations. If there is any change to the types of personal information processed, the purposes for which such information is processed or the means of processing, we will obtain your consent for such change if required by applicable law. Please note, we shall not be required to obtain your consent to process your personal information if any of the following situations apply:
We may also indirectly receive your personal information from third party organisations, such as the various partners with whom we work, where you have provided your consent for such information to be shared with us or where we have a legal basis to use the personal information in order to provide you with our products and services. You may contact us for more information about the source of your personal information.
If you join the loyalty programme, we may process (including collect, store, use, edit, transfer, provide, publish or delete) your personal information in accordance with section 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms.
Your indication of consent to the Privacy Policy shall not entitle us to collect and process all personal information for the loyalty programme. We shall only collect and process those personal information which are necessary to perform and carry out the relevant business functions or purposes.
Please refer to the section 5.1 “COOKIES” in the General Terms of the Privacy Policy on how we may use cookies to enhance your experience on the loyalty programme website. We use cookies to understand site usage and to improve the content and offerings on our sites. For example, we may use cookies to personalise your experience at our web pages (such as to recognise you by name when you return to our site), save your username in password-protected areas, and to offer you products, programs, or services. For further details, please refer to our Cookies Policy . You may refuse to accept the cookies in accordance with our Cookies Policy, but if you do, certain functionality may become unavailable.
We may market products or services or deliver messages to you based on your preferences, interests and other personal characteristics. These messages may be marketed or delivered to you by way of letter, email, short message service, through social media platforms and/or push notifications within the loyalty programme website or mobile App. If you do not wish us to target our marketing based on your personal characteristics or if you wish to opt out from direct marketing, please contact us using the contact details provided in section 6 “HOW TO CONTACT US” in the General Terms. If you are using the mobile App, you may also turn off the permission for access to notifications in your device settings or the settings in the mobile App. After the access is disabled, you will not be able to receive push notifications from the mobile App.
The loyalty programme (now the Brilliant Loyalty Programme) enrols members who are eighteen (18) years old or above. Except where required by local laws, we do not knowingly collect personal information for the loyalty programme from any minors. If you are below the age of eighteen (18), please do not use the Brilliant website or mobile App. As a parent or legal guardian, please do not allow your minors under the age of eighteen (18) to submit personal information for the loyalty programme without your permission.
Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties, and thus our Group entities, hotels and residences managed and operated by us, and other third parties (such as market research firms, agents, advisors, consultants, other third party suppliers and/or services providers to assist us to operate effectively and provide you with the best experiences with our services) may process your personal information on our behalf. When we outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we require those third parties to protect your personal information with appropriate security measures.
When we share your personal information with any third parties, we will strive to ensure (including but not limited to using contractual measures or adopt encryption for transfer to ensure) that such third parties comply with this Privacy Policy and other appropriate confidentiality and security measures that we require them to comply with when using your personal information, except for the personal information you provide directly to the third parties through the use of their services. Where we are jointly processing your personal information with a third party personal information controller, we shall ensure that our responsibilities in processing your personal information are clearly and distinctively defined.
Where necessary for the relevant purposes identified above in “HOW DO WE COLLECT AND USE YOUR PERSONAL INFORMATION?” and sections 1.4 “HOW WE PROCESS AND USE YOUR INFORMATION” and 1.5 “WHAT INFORMATION WE PROCESS, AND HOW WE PROCESS AND USE YOUR INFORMATION IF YOU ARE A LOYALTY PROGRAMME MEMBER” in the General Terms, we may transfer or disclose your personal information (including sensitive personal information) to third parties located outside Mainland China with your separate consent. We may not be able to provide certain services to you if we do not carry out such transfer. We have adopted contractual and security measures to protect your relevant rights and interests in relation to the transfer. In particular, where required by law, we will enter into a data transfer agreement with such third parties.
Your personal information may be disclosed to the parties listed in section 1.9 “INFORMATION SHARING” above for the corresponding purposes. Here you may see the details of third party personal information recipients that are processing of your personal information or are based outside Mainland China, such as their identity, contact information, retention period, location, the processing activities undertaken by them (including types of personal information being processed, and the purposes and means of processing), their responsibilities in relation to processing of your personal information, (where applicable) the legal bases for such transfers to outside of Mainland China and how you may exercise your personal information privacy rights against them. Our contact details are set out in section 6 “HOW TO CONTACT US” in the General Terms of this Privacy Policy.
We will store your personal information in local databases in Mainland China and/or databases elsewhere in compliance with applicable data protection laws and regulations. Our corporate office is based in Hong Kong and as we do business globally, for the purposes specified in this Privacy Policy, we may transfer your personal information to other countries or regions in accordance with the applicable data protection laws and regulations. For details about such cross-border transfer of your personal information, please see section 1.8 “INFORMATION TRANSFER OVERSEAS” in the General Terms.
We will keep your personal information in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, unless we have a lawful ground for holding it for longer. Please refer to section 1.6 “HOW LONG WE KEEP YOUR PERSONAL INFORMATION” in the General Terms for further details.
In order to ensure the correct use and to maintain the accuracy of personal information collected from you, as well as preventing unauthorised or accidental access, disclosure, alteration, loss or other use of personal information, we have implemented various internal management policies (including physical, electronic and management measures) and various security technologies and procedures based on the classification of personal information we collect from you. For example:
Please note, the network environment is not 100% secure. However, we will use our best endeavours to ensure security of your personal information, and assume any legal liabilities in relation to data security in accordance with applicable laws and regulations.
You are conferred by the applicable data protection laws with the following personal information subject rights.
We will respond to your requests of exercising your personal information subject rights in accordance with the applicable data protection laws. To the extent as permitted by laws and regulations, we may not be able to respond to your request of exercising your rights in the following circumstances:
To the extent permitted by relevant laws and regulations, we reserve the right to (i) refuse unreasonable requests (for example, requests which infringe the privacy of others); and (ii) charge a reasonable fee for the cost of processing any request set out above.
If you want to exercise any of the above rights or if you have any questions, complaints, concerns or requests regarding this Privacy Policy or our personal information processing practices, you can contact us using the contact details provided in section 6 “HOW TO CONTACT US” in the General Terms. If you are not satisfied with our reply, especially if you consider our processing of your personal information infringes your legal rights and interests, you can lodge a complaint or claim with your local cyber administration departments or courts in accordance with the law.
This Notice to Mainland China Residents is effective from 26 February 2024 (the previous version of this Notice is available here ). From time to time, we may have to update, change, modify or amend this Privacy Policy (including this Notice to Mainland China Residents). Where required under applicable laws and regulations, we may seek your consent for such updates. If you do not provide your consent, we may be unable to continue to provide our services to you. You may check the most updated Privacy Policy and this Notice to Mainland China Residents on our website and in the mobile App.
To enhance your experience on our website, some of our web pages may use “cookies.” Cookies are text files that we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering for one of our services. However, once you choose to furnish the site with your personal information, this information may be linked to the data stored in the cookie. We use cookies to understand site usage and to improve the content and offerings on our sites. For example, we may use cookies to personalise your experience at our web pages (such as to recognise you by name when you return to our site), save your username and/or password in password-protected areas, and to offer you products, programs, or services. We may allow select third parties to collect information about our site visitors’ online activities over time and across other websites. We do not control the third parties’ use of such information. Please refer to our Cookies Policy.
We currently do not recognise do not track signals from your web browser. As technology develops, we may add this feature to our sites.
For your convenience and information, we provide links to external third-party websites, including web sites owned or controlled by independent franchisees, third party owners of hotel, resort, interval ownership, or residence properties that may use our brand name(s), or web sites not controlled or authorised by us. The linking of external third-party websites to this website does not indicate any association with or endorsement from us. We cannot always ensure, and are not responsible or liable for, any content of these external third-party websites, including, but not limited to, any advertising claims or marketing practices. Please note this Privacy Policy is limited to our own information collection practices. We strongly recommend that you read the separate privacy and security policies and the information collection practices of any external third-party website before providing any personal information while accessing those websites.
For any questions, concerns or requests regarding this Privacy Policy or our information collection practices, please contact us via email to dataprotection@langhamhotels.com or by post at 27/F, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong.
This Privacy Policy is in accordance with the relevant laws of the Hong Kong Special Administrative Region but may be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.
This Privacy Policy is effective from 29 February 2024 . From time to time, we may have to update, change, modify or amend this Privacy Policy. Subject to any applicable legal requirements to provide additional notice, when we make material changes to this Privacy Policy, we will provide you with notice as appropriate under the circumstances such as through our website or by sending you an email.
This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Statement, the English version shall prevail.
Legal Disclaimer
In addition to our rights of disclosure as mentioned hereinabove, we may also disclose your personal information when required by law or court order, or as requested by other government or law enforcement authorities, or in the good faith that disclosure is otherwise necessary or advisable including and without limitation to protect the rights or properties of our Group. This also applies when, in compliance with applicable laws, we have reason to believe that disclosing the personal information is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
Contents
The information and material contained in this site are for general references only. Our Group disclaims any warranty or representation of any kind, express or implied, as to any matter whatsoever relating to this site or any linked site. To the fullest extent allowed by law, our Group shall accept no responsibility or liability in respect of any loss or damage howsoever arising. Use of or visit this site does not constitute any binding contract over any goods and services provided by our Group, nor does it constitute an offer of any goods and services provided by our Group. Goods and services may only be available in certain countries and any offer to purchase goods or to retain services from our Group are subject to acceptance by our Group and in accordance with specific terms and conditions on which they are offered.
Copyright and Trademark Notices
All contents of this website are: ©2011-2024 Langham Hotels International Limited. 2701, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong. All rights reserved. This website may contain or reference trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes or other intellectual property or proprietary rights of Langham Hotels International Limited and/or our Group. No license to or right in any such trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes and other intellectual property or proprietary rights is granted to or conferred upon you.