Minors Data Privacy and Security Policy
MINORS’ DATA PRIVACY AND SECURITY POLICY
Effective Date: 1 April 2020
Last Updated: 20 December 2022
The Hongkong and Shanghai Hotels, Limited and its group companies and affiliates (“HSH Group”, “we” or “us”) is committed to protecting our customers’ Personal Data and have published the Data Privacy and Security Policy
In general, we do not proactively collect or process a Minor’s Personal Data without the Guardian’s consent. However, due to technical limitations, we are not able to identify the age of users in some scenarios, especially when providing online services. In such cases, we consider that users have the complete and legitimate right to provide their Personal Data to us pursuant to applicable laws and that we are allowed to collect and process their Personal Data in accordance with the Data Privacy and Security Policy If we have collected a Minor’s Personal Data unwittingly without the Guardian’s consent, we will delete such information timely after being informed of this.
Our website may contain links to other third-party websites. When visiting such third-party websites, please follow their own privacy policies. We do not undertake any responsibility or liability for their privacy policies or processing of Personal Data. Please carefully read these privacy policies before submitting any Personal Data (including Minor’s Personal Data) to such third-party websites.
1. How we collect and use Minors’ Personal Data
Personal Data refers to all kinds of information recorded in electronic or other forms which related to identified or identifiable natural persons, including but not limited to name, date of birth, ID card number, biometric information, email address, residential address, telephone number, etc.
1.1 To the extent necessary to provide products or services to Minors, we may collect and process Minor’s Personal Data for the following purposes:
(a) To administer hotel room reservation: Users can submit reservation requests via our website, our Global Customer Service Centre (GCSC) or our third-party service providers’ website. If a Guardian makes a reservation request through the above ways, we will collect the Minor’s Personal Data including name, age, nationality, and gender through the Guardian. If the Guardian and/or Minor have special requirements or preferences for room type and setup, transportation, food and beverage and internet access, we will also collect relevant information based on such requests;
(b) To verify the guardianship between a Minor and his or her Guardian: When you provide a Minor’s Personal Data to us, or request to exercise relevant rights, we may collect your contact details and identity information (such as ID card information and household register information) to verify your guardianship over the Minor. We will protect rights and interests over the Personal Data of you and the Minor(s) under your custody by linking their Personal Data with your account;
(c) To provide hotel-related services: To provide a Minor with hotel-related services, including but not limited to accommodation, transportation, food and beverages and special activities for Minors, and to meet any special needs, where necessary, we may collect the Minor's Personal Data, including:
(i) Check-in: In accordance with the applicable laws, we may be mandated to collect Minors’ Personal Data including their identity information (such as passport, ID card, household register, etc.), and may collect Minor Users’ type of entry visa (if required) to compete the check-in. In addition, according to Minor Users’ age, we may send with them different greeting cards to collect their name, age, favourite number, colours, food and toys, in order to provide them with better services;
(ii) Transportation service: To provide safe and on-time transportation service to Minors and their families, we may collect the age, number and travel plan of the passengers (e.g., arrival and/or departure time, destination, etc.);
(iii) Food and beverages services: To provide better food and beverages service, we may ask Guardians to fill in our questionnaire, including the name, date of birth, telephone number, email address and food preferences of themselves and their family members (including minors). In addition, we will also collect information about food taboos and preferences of Minors to provide customised services in a safe manner;
(iv) Taking part in activities designed for Minors: We provide interesting activities for Minors, e.g., calligraphy class, chocolate-making class, drawing class and swimming class. Guardians may sign up those activities via our online or offline channel. To administer reservations and for organizing activities, with Guardians’ consent, we may collect the Minors’ Personal Data, including name, gender, age, address, contact information and other Personal Data related to the activities (such as photos and video footages of activities) that the Minors are about to participate. We will not use relevant photos or videos of activities for marketing activities without the Guardians’ prior consents. In general, Minors are not allowed to purchase, sign up, or participate in these activities by themselves without their Guardian’s consent and company.
(v) Handling of accidents, medical service demands, and claims received by us: To handle or assist the Guardian in handling any accidents (e.g., contacting with emergency services providers), medical service needs and any claims related to Minors (e.g., personal injury claims), we may collect, and process Minors’ health related or medical information when necessary and appropriate;
(d) To provide residence and restaurant services: To complete transactions and provide services at request of the Guardian, we may collect certain information from the users based on actual needs, which may include Minors’ Personal Data; and
(e) Other customised services and products: To ensure the customers’ seamless enjoyment of our services in the future, we may collect and store their specific requirements and preferences (including Minor Users) to provide customised services satisfying personalised needs upon their return.
1.2 From what channels we collect Minors’ Personal Data
(a) With the Guardian’s consent, we may collect a Minor’s Personal Data directly from the Guardian or through third-party agents or service providers that are engaged by the Guardian to purchase, book or sign up online or offline services provided by us as mentioned above on his or her behalf.
2. How we share Minors’ Personal Data
2.1 In order to provide our customers with continuous and personalised services, we may share Minors’ Personal Data within the Group. We may share Minors’ Personal Data with the following third parties only for the following purposes or with the Guardians’ consent.
(b) Third parties who process Minors’ Personal Data on our behalf to help us carry out the activities described in the Section 1: We may permit selected external parties (e.g., vendors, suppliers, agents, contractors) to process Minors’ Personal Data for the purposes set out in Section 1. We have signed agreements with these third parties to prohibit them from using the Minors’ Personal Data for purposes other than that specified in the respective agreements, and to request these third parties to adopt appropriate safeguards measures when processing Minors’ Personal Data.
(c) Law enforcement agencies, government authorities, regulators, and the court to comply with our legal obligations or to handle incidents / claims: We may disclose Minors’ Personal Data when required by relevant laws or by court order or requested by other governmental or law enforcement authorities to assist with proceedings or investigations. Where permitted, we will share such request to or notify the Guardians before responding unless doing so would prejudice the prevention or detection of an actual or suspected crime. This also applies when we have reason to believe that disclosing Personal Data is necessary to obtain legal advice and/or to identify, investigate, protect, contact, or bring legal action against someone who may intentionally or unintentionally cause interference with or damage to our guests, visitors, associates, properties, or others; and
3. How we transmit, protect and store Minors’ Personal Data
3.1 Data transmission and storage across international borders
To process your reservation and payment and to provide Minor Users with other services related to our business, certain Minors’ Personal Data may be transferred to and processed in other countries or regions when necessary. Data protection laws may vary among these countries or regions which cause protection level of Minors’ Personal Data different. We take appropriate measures (including contractual provisions and technical mechanisms) to ensure Minors’ Personal Data will be securely transferred to and sufficiently protected by recipients at the same level as that in their originating countries or regions.
Please refer to Section 4 and Annex II: Local Specific Provisions – for individuals in China of the Data Privacy and Security Policy for additional provisions on how we transfer data across border and store Minors’ Personal Data originated from China.
3.2 Safety control
As a global company, we endeavour to provide all users with the same high-quality service, and to take commercially reasonable administrative, technical, and physical safeguards designed to protect Minors’ Personal Data we collect, store, and transmit from loss or being accidentally, unlawfully or unauthorisedly destructed, altered, disclosed or used. Please refer to Data Privacy and Security Policy for more information about how we transfer, protect, and store customers’ Personal Data.
3.3 In addition to safeguard measures as set out in Data Privacy and Security Policy, we also take the following measures to protect Minors’ Personal Data:
(a) In terms of access permission:
(i) We limit our employees’ access to Minors’ Personal Data as strictly as possible. Employees are not allowed to access to Minors’ Personal Data without an approval from the customer database manager or other competent administrators;
(ii) We record each access to Minors’ Personal Data and have taken and implemented technical measures and internal policy to protect Minors’ Personal Data from being copied or downloaded illegally or without any justification;
(b) In terms of the safety management system and personnel:
(i) We have set up an information security team to be responsible for the construction of the information security system;
(ii) We have established relevant safety management systems in information collection, storage, transmission, encryption, network security, vulnerability management and security incident handling.
(c) In terms of technical measures:
(i) We have adopted technical measures such as encryption to protect the security and confidentiality of information transmission;
(ii) We have adopted technical measures, such as intrusion detection/protection systems, network firewall, anti-virus techniques, anti-spam tools, etc., to protect the security and confidentiality of information preservation;
(d) In terms of security incident handling:
(i) We have developed a security incident reporting and disposal management system, such as HSH Group Cybersecurity Incident Management System and Emergency Response Plan;
(ii) When we discover any Minor’s Personal Data subject to the risks of leakage, damage or loss, we will immediately execute emergency plans and take remedial measures;
(iii) If any data leakage, damage, or loss occurs and has caused or will cause serious consequence, we will immediately report it to relevant government authorities and inform the Guardian of the affected Minor by email, letter, call or push notification in accordance with laws.
3.4 Despite such measures, please note that no company can fully eliminate risks or guarantee complete security of Minors’ Personal Data. Unauthorised entry or use, hardware or software failure, and other factors may compromise the data security. While we strive to put in place appropriate contractual protections, we are unable to guarantee the security of Minors’ Personal Data hosted on databases run by third parties, and we bear no liability for use or disclosure of Minors’ Personal Data or other data arising from data theft or other malicious actions.
4. Rights of Guardians and Minors
4.1 As the subjects of Personal Data, customers are entitled to specific rights to their Personal Data collected by us in accordance with the Data Privacy and Security Policy.
(a) Access: you can ask us to provide relevant inquiries and request to view the Minor’s Personal Data under your custody;
(b) Correction: you can ask us to correct any inaccuracies in the Minor’s Personal Data;
(c) Complaint: if you are not satisfied with our use of the Minor’s Personal Data or our response to you when you are exercising your rights, you may lodge complaints to the data protection authority in your country or region;
(d) Erasure: you can ask us to delete the Minor’s Personal Data. Unless otherwise specified by any laws or regulations, we will delete such data as per your request;
(e) Withdrawal of consent: you can withdraw your consent at any time. Please note that withdrawal of some consents may affect the Minor’s enjoyment of relevant services or goods we provide;
(f) Object to providing: you can decide whether to provide the Minor’s Personal Data to us; to the extent permitted by laws, we are also entitled to refuse providing certain goods or services to Minors on the ground of insufficient information;
(g) Object to processing: you can object to processing of the Minor’s Personal Data, unless otherwise specified by laws and regulations;
(h) Restriction: you can restrict our use of the Minor’s Personal Data during an investigation, e.g., whilst we are verifying the accuracy of the Minor’s Personal Data or the then effective grounds that we relied on to collect and store such data;
(i) Portability: where technically feasible, you can require us to transmit the Minor’s Personal Data to a third party as designated by you in a structured, commonly used and machine-readable form (if the request is made by the Minor, your consent is required)
(j) Updating information: we will use economically reasonable endeavours to ensure accuracy of the Minor’s Personal Data in our system. To keep the Minor’s profile updated, please notify us of changes to the Minor’s Personal Data by contacting us via the manners as set out in Section 5 below; and
(k) Notification in the event of breach: in the unlikely of data breach, we will inform disclosure of the Minor’s Personal Data in accordance with applicable laws.
Please note that the above rights are subject to the provisions regarding the Minor’s legal capacity or rights as well as various exceptional provisions and data protection laws of the country or region where the Minor is living in.
5. Contacting us
Global Data Privacy Team
The Hongkong and Shanghai Hotels, Limited
8/F St George’s Building
2 Ice House Street
Phone: +852 2926 2888
Fax: +852 2732 2933
Data Protection Officer in China Mainland
The Palace Hotel Ltd.
8 Goldfish Lane, Wangfujing, Beijing
The Peninsula Beijing
Phone: +86 10 8516 2888
The Peninsula Shanghai Waitan Hotel Company Limited
No. 32, The Bund 32 Zhongshan Dong Yi Road, Shanghai
The Peninsula Shanghai
Phone: +86 21 2327 2888
Alternatively, you can contact our Representative in the European Union at:
Peninsula Paris Hotel Management SARL
Ref: “EU Representative”
c/o The Peninsula Paris
19 avenue Kléber,
Paris, France, 75116
Attention: Executive Office / HSH Management Services Limited
Phone: +33 1 5812 2888
Or our Representative in the United Kingdom at:
Peninsula London Limited
(Acting as general partner on behalf of Peninsula London, LP)
Ref: “UK Representative”
c/o The Peninsula London Pre-Opening Office
First Floor, Interpark House,
Down Street, London W1J 7AJ,
Attention: Executive Office / HSH Management Services Limited
Phone: +44 20 8106 2888
Data Privacy Team
If after reviewing this privacy statement you have any privacy questions or concerns or would like to request access to, correction or object to the processing of your data for legitimate purposes, please contact our Data Privacy Team.
Data Privacy Team
The Hongkong and Shanghai Hotels, Limited
8/F, St George's Building
2 Ice House Street
Central, Hong Kong
+852 2147 3720