Last updated June 06, 2018
What personal data do we collect?
We collect personal data that you voluntarily provide. For example, you may provide personal data such as your name and contact information when booking a room or checking-in, enrolling in (or accessing your account for) a loyalty program, registering for newsletters and communications, or sending us inquiries and other correspondence. We may also receive personal data from a third party acting on your behalf, such as a travel agency requesting a reservation for you.
How do we use personal data?
We use personal data only as permitted by a proper legal basis, such as to fulfill our agreement with you, for other purposes you have expressly consented to, for purposes based on our legitimate business interests, or as required by law. For example, we may use your personal data to:
- Reserve, manage, and modify your booking
- Notify you of any changes or important information regarding your booking
- Enroll you in (or allow you to access) a loyalty program, if applicable
- Receive and accommodate any special needs or requests
- Register you to receive our newsletter or other communications per your request
- Provide surveys or other methods by which we can monitor and improve our performance
- Enroll you in any sweepstakes, contests, or other promotions at your request
- Respond to your inquiries and communications
- Resolve disputes or enforce our rights
If you wish to unsubscribe from any newsletters or marketing communications, please follow the unsubscribe or opt-out instructions in any such email, or notify us at any time by emailing us at DPO@kkhotels.com.
With whom do we share personal data?
We will not sell any of your personal data to any outside organization for their own marketing or other purposes. We only disclose your personal data to third parties as reasonably necessary to carry out the permitted uses described above. For example, we may share personal data with:
- our affiliates in the Highgate Hotels company group who help manage our hotels;
- our booking engine, payment processors, technical and customer support contractors, and other service providers who are required to
- keep the personal data confidential and are prohibited from using it other than to perform services on our behalf;
- our successors in the event of a sale, merger, acquisition, or similar transaction affecting the relevant portion of our business; and
- legal and governmental authorities or other third parties, to the extent required to comply with a legal order or applicable law.
If we need to transfer personal data from the EU to a country outside the EU, we take reasonable steps to ensure such personal data is appropriately protected. For jurisdictions that are not the subject of a data privacy adequacy decision by the European Commission, we use binding corporate rules, EU model clauses, or other permitted mechanisms to ensure an appropriate level of data privacy and security. For example, we may transfer personal data to Highgate Hotels, L.P., the parent of our management company. Highgate Hotels, L.P. is in the United States. We may remain liable for any onward transfer of personal data that we export from the EU.
How do we protect personal data?
We use appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by processing, in particular any unauthorized or unlawful processing, of your personal data.
Cookies and Anonymous data
“Anonymous Data” refers to general information that does not identify you personally (unlike personal data), including clicks, pages views and durations, IP address, referral links, use of particular services, and interest in services, information or features of the Site or other parties made available through or found at the Site. Anonymous Data is automatically collected by our servers when you visit the Site, including through the use of technology such as cookies and web beacons. We may use and share Anonymous Data as we deem useful in our sole discretion, including to operate, maintain, develop, market and improve the Site, our hotels, and our services.
We also use third party advertising technology to serve hotel advertisements to you on other sites. The technology gathers anonymous data about your Site visits and visits to other sites where hotel advertisements appear in order to serve you with hotel advertisements on third party sites. When these advertisements are served to you, third party persistent cookies may be put on your computer.
For example, we use AdRoll (www.adroll.com, https://www.adroll.com/about/privacy) to serve you customized advertisements on third party sites based on your interaction with the Site. As you browse the Site, advertising cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partner, AdRoll, then enables us to present you with retargeting advertising on other sites based on your previous interaction with the Site. The techniques our partners employ do not collect personal data. You can visit https://www.networkadvertising.org/choices/ to opt out of AdRoll and its partners’ targeted advertising.
The hotels, through their respective third party advertising/marketing vendors, may also use pixel tags to collect Anonymous Data. The pixel tags are computer coding usually fixed to Site pages or emails that allows our vendors to anonymously collect certain pieces of information. The hotels, in conjunction with our advertising/marketing and email vendors, may use pixel tags to:
- Allow our advertising/marketing vendors to recognize cookies on your browser when you visit the Site. This assists our advertising/marketing vendors with determining if you reached the Site by clicking on a specific ad and/or to track your responses to hotel advertisements served on third party sites. It may also reveal if a Site reservation was executed.
- Determine your technical ability to receive HTML emails. The pixel tag allows us to know if an email sent to you is opened and marks email addresses as ones that can receive HTML emails.
- Determine how many users open a specific email. This allows us or our email vendor to collect anonymous and aggregated statistics about a specific email blast or campaign.
- Allow us or our third party advertising/marketing vendors to deliver targeted advertising on third party sites.
- Allow us to make the Site more usable and make our customer support better.
- Allow us to deliver to you promotional materials, offers, and other information that we believe would be relevant.
You may set or configure your browser to block or disable cookies. Please review your browser instructions for details on that. Please note that by disabling cookies, this could affect your use of the Site and/or restrict your interaction with the Site. The Site currently does not respond to “do not track” requests. Please note that our advertising/marketing vendors may handle “do not track” requests differently from the hotels.
Your right to request access, modification and deletion
You have the right to request access to the personal data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than yourself. If you would like to request access to, correction, amendment, or deletion of your PII, you can submit a written request to the contact information provided below. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your PII. In some circumstances we may charge a reasonable fee for access to your information. If we deny your request, we will provide you with a written explanation of the reasons for our determination.
We generally retain your personal data only as long as may be reasonably necessary to carry out the purposes set forth in this Policy. Please note that we reserve the right to maintain proper business and transactional records as permitted or required by law, even if such records contain your personal data.
Where we are processing your personal data based on your consent, you have the right at any time to withdraw such consent by contacting us at DPO@kkhotels.com. Please note that we may continue to process such personal data only if supported by another lawful basis (such as to fulfill our obligations to you, in connection with our legitimate business interest, or as required by law).
Inquiries or Complaints
If you have any questions or complaints about our data processing practices, please first contact us at DPO@kkhotels.com. If we are unable to resolve your complaint, you also have the right to raise your inquiry or complaint with the applicable data protection authority in your home country.
We are typically the data controller, as that term is used in applicable privacy laws, for any personal data that we collect from you. However, when we collect personal data about you from a third party (e.g., travel agencies), the third party may be the data collector for such data and we may be the data processor. If we are acting as the data processor, we will only process the relevant personal data as requested by the data controller, and may need to refer any inquiries from you to the applicable data controller.
The Site is intended for individuals 13 years of age and older, and is not directed at, marketed to, nor intended for, users younger than 13 years of age. If we learn that we are in possession of any personal data relating to a person younger than 13 years of age, we will make commercially reasonable efforts to promptly delete such personal data from our systems.
Third Party Sites
The Site may contain links to external websites or social media platforms not controlled by us. We are not responsible for the privacy practices and data collection policies for third party sites. You should consult the privacy policies of those sites for details.
Changes to this Policy
We may change this Policy from time to time. We will comply with any legal requirements regarding the provision of notice, but will always post the then-current version of this Policy on the Site. If any proposed changes affect the use or disclosure of personal data collected under a prior version of the Policy, we will take reasonable attempts to notify you (for example by posting a notice on the Site or emailing you) in advance to offer you a reasonable opportunity to object to any such changes. Please monitor this Policy from time to time to ensure you are apprised of our current privacy practices.
If you have any questions or complaints about this Policy or our privacy practices, or to exercise any of your rights stated in this Policy, please contact us at DPO@kkhotels.com.