PERSONAL INFORMATION COLLECTION STATEMENT ("Statement")
Dorsett Hospitality International Limited, headquartered in Hong Kong, its parent, subsidiaries and affiliates, and their hotels (collectively referred to as "Dorsett", "we", "our" or "us") have created this Statement to demonstrate our firm commitment to protect your privacy and to provide you with information in relation to the personal data and/or personal information ("Personal Data") Dorsett may collect from you as required by local laws and regulations and those of other applicable laws and regulations in the different jurisdictions that Dorsett may collect, use or transfer your Personal Data.
Dorsett may collect your Personal Data from time to time in its dealings with you, for example, when you complete forms and questionnaires or make enquiries in connection with the provision of products, services, activities or facilities by Dorsett at your request; register with Dorsett through our websites or other third party accounts; or enrol in the Dorsett loyalty program.
Depending on the purpose of the collection, the Personal Data Dorsett may collect from you includes but is not limited to your name, address, contact numbers, and email address. Personal Data may also relate to other persons relevant to the information, products, services, activities or facilities you have requested. The provision of Personal Data or any information is voluntary and we may not use your Personal Data unless with your consent. However, if you do not provide the mandatory data required, we may not be able to process your enquiries or requests or provide you with the requested products, services, activities or facilities.
When using our services or participating in our events and activities, there are chances that you may, and by submitting this form, unconditionally agree to be photographed by our staff or other participants or guests.
Use of Personal Data
We may use your Personal Data collected by us for one or more of the following purposes from time to time: providing and processing your requests, reservations or bookings for our products, services, activities or facilities; providing you with access to all parts of our websites; direct marketing of products, services, activities or facilities by Dorsett and our related entities or business partners (you may elect to opt out from receiving any marketing materials - see section 8.4); conducting market research, surveys and analysis; processing your application for, and managing, operating and maintaining, membership of the Dorsett loyalty program; providing you with information on the activities and benefits of it; billing and debt collection; dealing with your suggestions, enquiries or complaints; communicating with you generally; preventing, detecting or investigating suspicious or illegal activities; and meeting legal and regulatory requirements and/or making disclosure when required by any law, court order, direction, code or guideline applicable in your relevant jurisdiction.
Transfer of Personal Data
Your Personal Data held by Dorsett will be kept confidential. Except with your prior consent or as required by law, we will not transfer or disclose your Personal Data to any third party except to our subsidiaries, associated companies and/or business associations; our service providers, data processors or advisors in connection with our operations and our provision of your requested products, services, activities or facilities; and those as required by any applicable laws, rules or regulations, subject to a duty of confidentiality.
We endeavour to deal only with responsible third parties but as we have no control over the acts of such third parties for example the data processors, the privacy protection stated in this Statement ceases to apply to any information which is disclosed to such third parties in accordance with this Statement and we assume no responsibility for the privacy protection provided by such third parties.
If you wish to exercise any such right, please contact us at firstname.lastname@example.org or by post to “18/F., Far East Consortium Building, 121 Des Voeux Road Central, Hong Kong”. If you are in the EU, our postal address is “Ground Floor, 12 Stanhope Gate, London, England W1K 1AW”.
This Statement may be revised from time to time. If there is any inconsistency between the English and Chinese version of this Statement and/or our Policy, the English version shall prevail.
We have categorised this Statement and Policy by major processes and areas so that you can review the information of most interest to you:
Please read this Statement and Policy carefully before submitting any Personal Data to us. If, after reviewing this Statement and Policy you have any privacy questions or concerns or would like to exercise your rights under this Statement and Policy, please send your request and/or question in writing to us at email@example.com or by post to the following address:
Dorsett Hospitality International
18/F., Far East Consortium Building
121 Des Voeux Road Central
Central, Hong Kong
If you are in the EU, our postal address is:
Dorsett Hospitality International
Ground Floor, 12 Stanhope Gate,
London, England W1K 1AW
Please allow us 30 days to process your request.
Except for direct marketing, use of our websites, namely www.dorsett.com, www.dorsetthotels.com, www.dcollection.com, www.silkahotels.com, www.daobydorsett.com (collectively, “Websites”), signifies your consent to this Statement and Policy, including the collection and use of your Personal Data as described in this Statement and Policy. We reserve the right to change, modify or amend this Statement and Policy from time to time. Any changes will be included in the latest Statement and Policy published on our Websites so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclose that information to third parties. You will know when this Statement and Policy was last updated by looking at the date at the top of this Statement and Policy. Any changes to this Statement and Policy will become effective upon its posting on our Websites. Continued access and use of our Websites and/or services following any changes also constitutes your acceptance of the revised Statement and Policy then in effect. Nevertheless, we will seek your consent to any substantial changes if required by relevant laws and regulations or any changes made to the use of Personal Data you provided to us in a manner different from that stated at the time of collection.
1. Purposes of collecting your Personal Data
We limit the collection, use and retention of your Personal Data to the specific information we need. We might use your Personal Data collected from you or gathered from our Websites, strictly for the performance of our agreements with you and for our legitimate purposes such as:
Unless you have expressly opted not to participate when providing us with your Personal Data, we may share these with our carefully selected partners or merchants.
Also when using our services or participating in our events and activities, there are chances that you may be photographed by our staff or other participants or guests. By accepting our services or submitting the application to participate in such events and activities, you unconditionally agree to be photographed, and further agree to the use and/or uploading of such photographs by us on our Websites and/or our promotional and marketing materials.
Where you have consented, we might also use your Personal Data for direct marketing purposes, for example, we will periodically contact you by post or via email and provide information about our special offers and promotions that may be of interest to you. If you have changed your mind in receiving such promotional materials, please refer to section 8.4.
2. Personal Data we collect and how we use it
You are always offered options as to whether to provide your Personal Data to us and/or our business partners during our collection of your Personal Data. The provision of Personal Data or any information is voluntary and we may not use your Personal Data unless with your consent. However, if you do not provide the mandatory data required, we may not be able to process your enquiries or requests or provide you with the requested products, services, activities or facilities.
2.1 Anonymous Browsing
Visitors to our Websites do so on an anonymous basis. We do not collect Personal Data from you unless you voluntarily and knowingly provide us, for example when you reach our Websites through our electronic direct mail, or where you have created a profile or account under our Websites and/or when you are making inquiries or reservations/bookings.
2.2 Making a room reservation and check in at our hotels
If you would like us to make a reservation at one of our hotels, we will request for your Personal Data for payment purposes and to administer our business. We may also ask for your travel details and room preferences to better prepare ourselves for your arrival and to serve you better before your departure. Such Personal Data will be made available to the applicable hotel for the purpose of completing your reservation request. If reservation is made through our Websites, such Personal Data will be passed via a third-party system to our hotel operating systems under data encrypted environment. We may also need to collect certain Personal Data as required by local laws such as passport numbers, type of entry visa and driver’s licence details.
The same type of Personal Data may be requested when you make any online enquiries.
We will also use your email address to send an email confirmation of your booking, and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel, the area and the weather.
Upon check in, your Personal Data will be verified by our staff or via mobile devices (including but not limited to electronic tablets and robot self check-in kiosks) through Wifi or any wireless internet connection and you will be requested to indicate whether you wish to opt-in and receive hotel promotional literature. With your consent, we may also make certain Personal Data available to strategic business partners such as mail houses and email service providers for the sole purpose of mailing and dissemination of promotional materials for us, such as invitation to participate in our online survey and/or with promotion materials for your next booking. Your Personal Data will not be shared with third parties for their own marketing purposes.
If you are making a reservation or completing check-in through Wifi or any other wireless internet connection, you should understand and accept the risk of entering personal data through these internet connection methods, which is out of our responsibility. For reservations, data encryption process begins when you arrive and accept the secure sockets layer (“SSL”) certificate at the booking engine page and when data is passing from the third-party payment card industry (“PCI”) compliant central reservation system to our PCI compliant operating systems. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.3 Making a room reservation by calling us
You can make a reservation by calling one of our hotels. When making a reservation, you will be asked to provide your Personal Data for payment purposes and to administer our business. If you choose to provide us with your email address, a confirmation and a pre-arrival message of your reservation will be sent to you by email.
2.4 During your stay at our hotels
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record the information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, other stay specific information may also be stored in the property management system, such as your food and beverage preferences and other special requests. Certain information regarding your service preferences may be made available to our other hotels through our central database.
2.5 Accessing our websites from mobile devices
You can access our Website from mobile devices to find our hotels and/or restaurants and make a reservation. When you make a reservation or complete check-in using mobile devices (including but not limited to electronic tablets and robot self check-in kiosks), you may need to provide certain Personal Data for guarantee purposes. You should understand and accept the risk of entering your Personal Data through Wifi or any wireless internet connection, which is out of our responsibility. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.6 Creating and updating your account information
For hotel related services, upon completing an online room reservation, you can set up, review or update your information online. When enrolling for our newsletter or loyalty program, you will be required to provide certain Personal Data such as name, email address, mailing address, room preferences and service requests. Such Personal Data will be stored in our email marketing tool service provider which follows strict data privacy laws and be used strictly by our business units for communication to subscribers and marketing promotion only. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
2.7 Food and beverage outlet reservations
We collect your Personal Data when you make a reservation at our food and beverage outlets. If you are a repeat guest at our food and beverage outlets or have filled out our food and beverage questionnaire, we may store your Personal Data in our databases used by our business units’ operation to serve you better upon your return.
2.8 Non-hotel related services
For our non-hotel related operations including but not limited to residential and commercial leasing, we may ask for your Personal Data for payment purposes and administer our business. With your consent, we might also offer various related products or services that may be of interest to you as a patron, tenant or club member.
2.9 Third Party Providers
This Statement and Policy does not apply to our processing of your Personal Data on behalf of third party providers who may collect your Personal Data from you and provide it to us. In this situation, we would merely act as a data processor and thus you should review applicable third party providers’ privacy policies before submitting your Personal Data to them.
2.10 Fraudulent emails
Please note that we will never send you an email requesting your Personal Data, for example password, credit card number or passport, personal identity card or social security number. If you receive any suspicious emails that look like they are from us but ask for your Personal Data, it is likely a fraudulent email or ‘phishing’. We recommend that you do not reply to the email or click onto any links or pop-up messages and report to the local authorities which handle fraudulent emails. If you believe ‘phishers’ have gained access to your Personal Data or financial information, we recommend that you change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
2.11 Unsecure communication
It is important to note that all email communication is not secure. There is a risk inherent in the use of email. Please be aware of this and when requesting information or sending forms to us by email, or when using email or using any public computers/public Wifi, we recommend that you do not include any Personal Data or sensitive information including credit card details. Our email responses to you will not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
3. Internal Controls
This Statement and Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the access to your Personal Data and only share your Personal Data with our internal staff who are directly involved in the process of providing quality service to you.
4. How we store and transmit Personal Data?
All Personal Data gathered is stored in our secure server and all practicable steps have been taken to ensure that your Personal Data is protected against unauthorised or accidental access, disclosure or alteration and to keep such Personal Data up to date. However, we cannot be held responsible for unauthorised or accidental access which is beyond our control.
4.1 Our databases and operating & marketing systems
We store your Personal Data in our databases used by operation and marketing systems. These systems, owned and managed by us or by selected third party vendors, are carefully selected to secure your Personal Data. Systems with databases that will be storing credit card information are PCI compliant. We may also store other information such as your room, food and beverage, other preferences and transaction history. This information may be shared and/or used by our business units for research, understanding and analysing customer behaviour and customer profiling to enhance customers’ experience and communication with them prior to, during, and after the stay. Laws and regulations applicable to Personal Data protection vary by country, therefore we may put in place additional measures that vary depending on the applicable legal requirements.
From time-to-time, we may request Personal Data from you through contests. Participation in these contests is completely voluntary and you have a choice whether or not to disclose your Personal Data. They may include contact information (such as name and address), and demographic information (such as zip code, age level). Contact information gathered from contests will be used to notify the winners and award prizes. Demographic information will be used for purposes of monitoring and improving your experience on our Websites.
We may co-sponsor some contests on our Websites with other companies. If you enter one of these contests, our co-sponsor may receive or collect your Personal Data. In such cases, we will tell you who is collecting your Personal Data, how our co-sponsor may use the information and how you can contact our co-sponsor.
4.3 Secure transmission and storage of data
We treat all the Personal Data that you provide to us as confidential information. We use an industry standard for encryption over the internet, to protect your Personal Data. When you type in your Personal Data such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your Personal Data is encrypted as it travels over the internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the window browsers.
4.4 Data transmission across international borders
As a global company, we endeavour to provide you with outstanding services. To achieve this goal, we have established a global network comprised of properties, offices, trusted service providers, and trained associates in locations where we operate, including Hong Kong, Mainland China, the United Kingdom, Australia, Singapore, Malaysia, Germany, Austria and Czech Republic. The nature of our business and our operations require us to transfer your Personal Data to other group companies, properties, centres of operations, data centres, or service providers that may be located in countries outside of your own for the purposes mentioned in this Statement and Policy, including Hong Kong, Mainland China, the United Kingdom, Australia, Singapore, Malaysia, Germany, Austria and Czech Republic. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, we will take appropriate steps to ensure that your Personal Data is protected and handled as described in this Statement and Policy. Therefore, in addition to the implementation of this Statement and Policy, we will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Personal Data to recipients (which may be our internal or external parties) located in a country with a level of protection which may be different from the one existing in the country in which your Personal Data is collected.
Please note that we endeavour to deal only with responsible third parties, but we have no control over the acts of these third parties This Statement and Policy ceases to apply to any information which is disclosed to such third parties in accordance with this Statement and Policy and we assume no responsibility for the privacy protection provided by such third parties.
4.5 Disclosure of information to third parties
In addition, we use the services of third party agents, such as email service providers and mail houses for the purpose of mailing materials to you. These parties are contractually prohibited from using your Personal Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-Personal Data to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to business units/entities not owned by, managed by, and/or affiliated with us for any use unrelated to our group operations or use of Personal Data by third party for their own purposes. We will implement, where necessary, appropriate measures, including contractual clauses, to secure the transfer of your Personal Data to the third party service providers located in a country with a level of protection though different from the one existing in the country in which your Personal Data is collected.
How we track your usage on our Websites
We may have engaged some web analytics services providers (“Web Analytics Services Providers”) to design and provide us web analytics services. They may use small invisible images known as “web beacons” or “tracking pixels” (in the next point”) in their digital products and services when providing us those services. These web beacons are used to count the number of times something has been seen but are anonymous and do not contain or collect any of your Personal Data.
Cookies allow our Web Analytics Services Providers to recognize your browser or device and, for example, identify whether you have visited our Websites before, what you have previously viewed or clicked on, and how you found us. The information is anonymous and only used for statistical purposes. Such information allows us to track information, such as how many individual users we have and how often they visit our websites. It also helps us to analyze patterns of user activity and to develop a better user experience. For example, we might see that many people who viewed “Special Offer” also viewed “Local Guide” on our Websites.
Web analytics data and cookies cannot be used to identify you as they never contain your Personal Data such as your name or email address. However, if you have registered and signed in to your registered account with us, we may combine your Personal Data from your registration with the data we received from our Web Analytics Services Providers to analyze how you and our guests use our Websites in detail and, where you have opted in to receive communications from us, to send you email and other communications that might be of interest to you. The combined information may include information that is collected by the Web Analytics Services Providers while you are not signed in, and information that was collected using cookies and similar technologies before you registered or signed in. Where the combined information can be used to identify you, we use it in accordance with this Statement and Policy.
Cookies may be placed on your device by our third party service providers which remember that you have visited a website in order to provide you with targeted advertising which is more relevant to you and your interests. This is often called online behavioural advertising (“OBA”) (also known as “behavioural targeting”, “remarketing”, ”retargeting” or ”interest based advertising”) and is done by grouping together shared interests based upon previous web browsing activity. Advertising may then be displayed to you when you visit our Websites or other websites, that are built with these third-party service providers’ advertising elements, which matches these interests. Your previous web browsing activity can also be used to infer things about you, such as your demographics (age, gender etc.). This information may also be used to make the advertising on any of these websites more relevant to you.
Personalised retargeting is another form of OBA that enables our advertiser partners to show you advertising based on your online browsing away from our Websites. For example, if you visited the website of a retail company you may start seeing advertisng from the same retail company displaying special offers or showing you the products that you were browsing when you come to our Websites. This allows companies to advertise to people who previously visited their website. These cookies will usually be dropped by third-party advertising networks.
Although these cookies can track your visits around the web they don't know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests.
5.2 Other third party cookies
Please note that on some pages of our Websites you may notice that cookies have been set that are not related to us or our authorised service providers. When you visit a page with content embedded from, for example, YouTube or Facebook, these service providers may set their own cookies on your web browser. These anonymous cookies may be set by that third party to track the success of their application or to customize their application to you. We do not control the use of these cookies and cannot access them due to the way that cookies work, as cookies can only be accessed by the party who originally set them. You should check with these third-party websites for more information about their cookies.
5.3 How to control your cookies
5.3.1 Managing cookies in your browser
Most modern browsers will allow you to:
See what cookies you've got and delete them on an individual basis.
Block third party cookies.
Block cookies from particular sites.
Block all cookies from being set.
Delete all cookies when you close your browser.
You should be aware that any preferences will be lost if you delete cookies. Ironically, this includes where you have opted out from cookies, as this requires an opt-out cookie to be set. You may also set your browser to block cookies (consult the instructions for your particular browser on how to do this), although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our Websites. Therefore, we do not recommend turning all cookies off. Also, many websites will not work properly if you block cookies completely. If you are primarily concerned about third party cookies generated by advertisers, you can turn these off separately.
5.4 Pixel Tags
We and our third-party service providers may use pixel tags (also known as ‘clear gifs’, ‘beacon gifs’ etc.), tracking links and/or similar technology to:
5.5 Google Analytics
Google analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of all domains owned by us (i.e. our Websites) and all websites pages under these domains to prepare reports on its activities and share them with other Google services.
6. Email about special offers and promotions
When you indicate that you would like to receive promotional material either during the reservation or check-in process or when you subscribe for our newsletter, or patronise our restaurants and provide your email address to us specifically and expressly consent to receive marketing communications, we will periodically contact you via email and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to us and our restaurants as well as other services operated by us. We typically use third party email service providers to send emails. These service providers are contractually prohibited from using your email address for any purpose other than to send emails related to our operations. Your Personal Data will not be shared with third parties for their own marketing purposes.
7. How long will Personal Data be retained for?
Your Personal Data will be stored by us for the period of time required or permitted under relevant laws and regulations or until it is no longer necessary in relation to the purposes for which they were collected or otherwise processed. However, credit card data will be removed based on PCI compliance requirements.
8. Your rights
8.1 Right to access to and/or correction of your Personal Data
You have the right to make a request to us on whether we hold or are processing your Personal Data and if so, what kind of Personal Data is held by us, the purposes of using such kind of Personal Data, to whom we have transferred your Personal Data and be supplied with a copy of your Personal Data. You are also entitled to make necessary correction(s) to your Personal Data held by us. In order to protect your Personal Data, we might require you to prove your identity which may consist of your name, contact number, passport or other identification document details so that we can check them against our records and satisfy ourselves as to your identity. However, we may refuse to comply with your request if you fail to provide us verification information or with reference to relevant laws and regulations. The mentioned Personal Data is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Data. In any case, please allow us 30 days to process your request.
8.2 Right to restriction of processing
You have the right under relevant laws and regulations to block or suppress our processing of your Personal Data, for example, when you contest the accuracy of your Personal Data in our records, you object to the processing and/or you require your Personal Data to establish, exercise or defend a legal claim etc.
8.3 Right to data portability
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format if the process is carried out by automated means and, where technically feasible, the right to have your Personal Data transmitted from us to another data controller.
8.4 Right to unsubscribe or opt-out
We will not use your Personal Data for direct marketing purposes unless with your consent provided during reservation or check-in processes, in written form or through electronic means, or when you subscribe to our newsletter, or patronise our restaurants and provide your Personal Data to us specifically and expressly for receiving marketing communications. If, at any time, you would like to unsubscribe or opt-out from any of the marketing communications which you have previously opted in to receive, kindly contact us. Please allow us 30 days to process your request.
8.5 Right to be forgotten
Once you have withdrawn your consent, we will erase your Personal Data. We will also erase your Personal Data when it is no longer necessary in relation to the purposes for which they were collected or otherwise processed unless such erasure is prohibited under relevant laws and regulations. However, we may not be able to continue providing services to you if you ask us to delete your Personal Data entirely to the extent we can do so under relevant laws and regulations.
9. Notifications in the event of breach
In an unlikely event of Personal Data breach, where feasible and applicable under relevant laws and regulations, we will, within 72 hours after having become aware of such breach, notify the relevant supervisory authority. We are also prepared to follow relevant laws and regulations which would require us to notify you without undue delay after having become aware of such breach.
If applicable, we will notify you and the supervisory authority in your relevant jurisdiction about any data breach that is likely to result in serious harm to you unless an exception applies, for example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
10. Links to other sites
11. Policy on people under the age of 18 and minors
Our Websites are not intended for persons under the age of 18 and minors. We do not and will not knowingly solicit or collect Personal Data from them. As a parent or legal guardian, please do not allow any person under the age of 18 and minors to submit their Personal Data without your permission.
Should you have any comments on this Statement and Policy or Personal Data protection, please contact us by email at firstname.lastname@example.org. You may also lodge your complaints with a supervisory authority in your country.
If you make a complaint to us relating to privacy, we will do our best to ensure that an investigation is completed and a decision about your complaint is communicated to you within a reasonable time of us being advised of the complaint.
If you are dissatisfied with our response to any complaint you make relating to privacy in your relevant jurisdiction, you can take your complaint to the relevant supervisory authority.
13. Legal Disclaimer
This Statement and Policy is designed to provide compliance with all relevant applicable laws and regulations, in particular those our businesses are subject to. We recognize that certain laws and regulations might be modified to require more stringent standard than those described in this Statement and Policy, in which case the more stringent standards shall apply. If applicable laws and regulations provide for a lower level of protection of Personal Data than this Statement and Policy, then this Statement and Policy shall prevail.
As an international business with operations in different parts of the world, we may need to disclose your Personal Data when required by relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when we have reason to believe that disclosing your Personal Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be causing interference with our guests, visitors, associates, rights or properties (including our Websites), or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.