Data Privacy & Security Policy
We Are Committed to Protect Your Privacy
The Hongkong and Shanghai Hotels, Limited, located at 8/F, St George’s Building, 2 Ice House Street, Central, Hong Kong and its group companies (“HSH Group”) have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy.
To ensure you can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this policy statement outlining our data collection practices and the choices you have concerning how the data is being collected and used.
The term “Data” refers to any personal information that can be used to identify you as an individual. It can include, among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information.
We limit the collection, use and retention of the Data to the specific information we need for legitimate purposes to administer our business, to provide you with quality service and offer various products or services from HSH Group companies that may be of interest to you. We take appropriate steps to protect Data collected against unauthorised access, disclosure or alteration, and to keep such Data up to date.
In order to protect your Data, we will require that you prove your identity to us in relation to your request to access your Data, which may consist of a copy of a government-issued identification, your signature and correspondence address so we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Data.
This data privacy statement was written on 30 May 2011. In the future, we may need to make additional changes. All additional changes will be included in the latest data privacy statement published on this website, so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this privacy statement was last updated by looking at the date at the top of the statement. Any changes to our statement will become effective upon posting of the revised statement on this site. We will seek your express consent to any changes to how we use or disclose your Data if requested by law but otherwise use of this site or our services following such changes constitutes your acceptance of the revised statement then in effect.
This privacy statement contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the privacy statement by major processes and areas so that you can review the information of most interest to you.
- Data we collect and how we use it
- Internal Controls
- How we store and transmit Data
- How we track customer usage on our website
- E-mails about Special Offers and Promotions and Opt-Out
- How long will Data be retained for?
- Notifications in the event of breach
- Other Sites
- Children’s Privacy
- Legal Disclaimer
Data we collect and how we use it
The same types of information would be requested when you complete any purchase of Peninsula gift certificates or merchandise, or make online enquiries.
For hotel reservations, we may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin and destination) and room preferences to better prepare ourselves for your arrival and to serve you better before your departure.
For non-hotel related operations provided by HSH Group companies including but not limited to residential and commercial leasing, and operation of airport lounges, clubs and food and beverage outlets, we may ask you for Data such as your name, address, telephone number, e-mail address, identity card or passport details, tenancy particulars, employment particulars, club membership particulars, bank account and credit card information (including credit card number, code and expiry date) for payment purposes. We collect and use such Data to administer our business, and to offer various related products or services that may be of interest to you as a patron, tenant or club member.
When you browse this website, we do not collect Data unless you voluntarily and knowingly provide it to us, for example by accessing our website from a link in an e-mail that we send to you or where you have created a profile under My Peninsula and you log-in to your account.
Making a reservation and check-in at a Peninsula Hotel
The Data that you provide to us for making a reservation is made available to the applicable hotel for the purpose of completing your reservation request. We may also need to collect information as required by local laws such as passport numbers, type of entry visa, and driver’s license. Upon check-in, your Data will be verified by our staff and you will be requested to indicate whether you wish to opt in and receive hotel promotional literature. At times, we may make certain Data available to strategic business partners such as mail houses and e-mail service providers for the sole purpose of mailing and dissemination of promotional materials for Peninsula Hotels and its related facilities only. Data will not be shared with third parties for their own marketing purposes.
Making a reservation through our Global Customer Service Center or our Hotels
You can make a reservation by calling our Global Customer Service Center (GCSC) or by contacting a particular hotel. When making a reservation, you will be asked to provide Data such as your name, address, telephone number, address and method of payment, room preferences and special requests. Data obtained by GCSC will be sent in a secured environment to the relevant hotel. If you choose to provide us with your e-mail address, a confirmation and a pre-arrival message of your reservation will be sent to you by e-mail.
During your stay at a Hotel
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, other stay specific information may also be stored in the property management system at the particular hotel, such as your food and beverage preferences and other special requests. Certain information regarding your service preferences may be made available to other Peninsula Hotels through our central database.
Making a purchase on our website
When making a purchase such as a gift certificate or Peninsula merchandise, you will be asked to complete a form that includes your name, e-mail address, delivery address and credit card details for payment purposes. When the form is complete, your credit card number will be verified using a checking sequence to complete the transaction. Credit card information and Data are transferred over a Secure Socket Layer (SSL) connection. Doing so protects the confidentiality of your Data while it is transmitted over the Internet. Purchasing transactions are assisted by third party processors who are required by contract to protect the privacy of your Data. SSL is an industry standard for encryption over the Internet to protect Data supplied to us. We will use that information to assist in any inquiries about your transaction.
Accessing Our Website from a Web-enabled Mobile Device
You can access our website from a web-enabled mobile device to find a Peninsula Hotel and/or restaurants operated by the HSH Group. In addition, you can download an application to your Apple iPhone/iPod/iPad with additional functionality. You can make a reservation from a web-enabled device. When you make a reservation, you may need to provide certain Data such as name, e-mail address and credit card information for guarantee purposes. You may also enrol in My Peninsula from a web-enabled device after completing an online room reservation on peninsula.com.
Creating and updating your My Peninsula account information
For hotel related services, upon completing an online room reservation, you can set up, review or update your My Peninsula information online. When enrolling in My Peninsula, you will be required to provide certain Data such as name, e-mail address, mailing address, room preferences and service requests.
Food and Beverage Outlet Reservations
We collect Data such as your name and phone number when you make a reservation at our food and beverage outlets. If you are a repeat guest at our food and beverage outlets or have filled out our food and beverage questionnaire, we may store your Data in our Customer Information System to serve you better upon your return.
We collect Data such as your name, contact details, and where necessary, credit card information for payment purposes when you make a spa reservation. In addition, we may also collect information relating to your health, allergies and treatment preferences before the spa treatment is commenced to ensure that your spa treatment is conducted under safe conditions.
Peninsula/American Express Card
If you apply for a Peninsula/American Express credit card, you will be required to provide certain Data as part of the credit card application process. We do not own any of the Data supplied to American Express group of companies in connection with the Peninsula/American Express credit card application process. You can refer to American Express’ privacy statement posted on their Web site to understand how the information you supply will be used. American Express is the issuer of the credit card, and all terms and conditions of being a cardholder are dictated by American Express.
Third Party Providers
This policy statement does not apply to our processing of Data on behalf of, or at the direction of, third party providers (for example, airlines, car rental companies) who may collect Data from you and provide it to us. In this situation, we would merely act as a data processor and thus advise you to review applicable third party providers’ privacy policies before submitting Data.
Please note that the HSH Group companies will never send you an e-mail requesting your password, credit card number or passport, personal identity card or social security number. If you receive any suspicious e-mail that looks like it is from our group, but asks you for your credit card number or passport, personal identity card or social security number, it is a fraudulent e-mail, or “phishing”. We recommend that you do not reply to the e-mail or click on any links or pop-up messages and report to the local authorities which handle fraudulent e-mails. If you believe “phishers” have gained access to your personal or financial information, we recommend that you also change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
It is important to note that all e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section of our website. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.
To be prudent, it is advisable to always close your browsers when you have finished completing a form or a reservation. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto our website and making a reservation.
How we store and transmit Data
At the Hotel and other group operations
Your Data may be shared with companies forming part of the HSH Group. We have policies and procedures to limit access to Data to authorised personnel only.
Our Customer Information System and Reservation System
We store certain customer information and reservation details in our Customer Information System and Reservation System. Both systems are secure customer databases stored on a dedicated server located in a data center in Hong Kong hosted by a third party service provider. The stored database includes Data such as guest name, address, phone numbers, position, company name and credit card information. We may also store other information such as your room, food and beverage, other service preferences and transaction history. This information may be shared within our group individual hotels to better anticipate your needs prior to and during your stay.
Our server resides behind firewalls to protect the Data collected from you against unauthorised or accidental access. Because laws applicable to personal information vary by country, our hotels or other business operations may put in place additional measures that vary depending on the applicable legal requirements.
In our marketing database
Certain of our group operations maintain a database of customer information which is used for marketing, promotion and research, understanding and analysing customer behaviour and customer profiling to improve our services. You will only receive marketing and promotional materials if you have opted-in or given permission on your hotel registration card, online via your My Peninsula account, or given your express and specific consent in some other customary form. You may elect to unsubscribe from receiving future e-mail promotions at any time.
Secure transmission and storage of data
We treat all Data that you provide to us as confidential information. To prevent Data from unauthorised access or leakage, we have adopted and regularly monitor our group’s security and data privacy policies and procedures. We use the SSL protocol, an industry standard for encryption over the Internet, to protect the Data. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over an SSL connection. This ensures that your sensitive Data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears on the computer screen.
Data transmission across international borders
As a global company, we endeavor to provide you with the same outstanding service in Hong Kong, as you would find in New York or Tokyo. To achieve this goal, we have established a global network comprised of properties, offices, global customer service centers, data centers, trusted service providers, and trained associates around the globe. The nature of our business and our operations require us to transfer your Data to other group companies, properties, centers of operations, data centers, or service providers that may be located in countries outside of your own for the purposes mentioned in this Policy. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, the HSH Group will take appropriate steps to ensure that your Data is protected and handled as described in this privacy statement. Therefore, in addition to the implementation of the present Policy, HSH will implement, where necessary, appropriate measures, including contractual clauses, to secure the transfer of your Data to recipients (which may be internal or external to the HSH group) located in a country with a level of protection different from the one existing in the country in which your Data is collected.
Disclosure of information to third parties
In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Data to entities outside of the HSH Group for any use unrelated to our group operations or use of Data by third parties for their own purposes. HSH will implement, where necessary, appropriate measures, including contractual clauses, to secure the transfer of your Data to the third party service providers located in a country with a level of protection different from the one existing in the country in which your Data is collected.
How we track customer usage on our website
Our website only uses “cookie” technology as a tracking tool. Cookies do not retain registered guests’ information provided during the online reservations or My Peninsula registration. Cookies identify your browser, rather than you, and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.
You may set your browser to block Cookies (consult the instructions for your particular browser on how to do this), although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website.
Our group and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology to:
- Track customer response to The Peninsula Hotels advertisements and website content;
- Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor;
- Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and
- Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your Data will not be collected apart from what you voluntarily provide us in your dealings with our group operations.
E-mails about Special Offers and Promotions and Opt-Out
It is our intention to only send you mail and e-mail communications that will be useful to you and that you may want to receive. When you indicate that you would like to receive promotional material either on a guest registration card or when you enrol in My Peninsula, or patronise our restaurants and provide your e-mail address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to The Peninsula Hotels, and restaurants and clubs operated by our group companies. We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations. Data will not be shared with third parties for their own marketing purposes.
We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by updating your My Peninsula account, or sending a letter or fax to:
Data Privacy Team
The Hongkong and Shanghai Hotels, Limited
8/F St. George’s Building
2 Ice House Street,
Fax: +852 2147 3720
Please allow 10 business days for us to process your opt-out.
How long will Data be retained for?
Your Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information. However, information that is stored on My Peninsula may be edited and deleted by users of such service at any time.
Data may be stored by Peninsula Hotels and other group operations as long as required for the business purpose for which these Data are processed.
Notifications in the event of breach
In the unlikely event of a Data breach, we are prepared to follow any laws and regulations which would require us to notify you of the disclosure of private information.
Our careers websites at www.peninsula.com and www.hshgroup.com allow individuals that wish to be considered for potential employment to attach their curriculum vitae for consideration. We will not use the information you provide for any purpose other than to determine your qualifications for potential employment at the HSH Group.
This website is not intended for children and minors and we do not knowingly solicit or collect Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Data without your permission.
This privacy statement complies with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region as well as applicable local laws.
As an international business with operations in different parts of the world, we may need to disclose Data when required by relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when we have reason to believe that disclosing the Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be causing interference with our guests, visitors, associates, rights or properties (including this site), or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.