DATA PRIVACY STATEMENT AND SECURITY POLICY
We are committed to protect your privacy Dorsett Hospitality International, headquartered in Hong Kong and its group of hotels have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy.
We use the information this website gathers strictly for marketing purposes such as determining travel patterns, tailoring promotions and working with affiliated partners. Unless you have expressly opted not to participate when providing us with your personal information, we may share certain information with our carefully selected partners or merchants for marketing purposes.
All information gathered is stored in our secure server and all practicable steps have been taken to ensure that the information you have provided is protected against unauthorised or accidental access. However, we cannot be held responsible for unauthorised or accidental access which is beyond our control.
To ensure you can make informed decisions and feel confident about supplying personal data relating to you when using our services, we provide this policy statement outlining our data collection practices and the choices you have concerning how the data is being collected and used.
The term ‘Data” refers to any personal information that can be used to identify you as an individual. It can include, among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information.
We limit the collection, use and retention of the Data to the specific information we need for legitimate purposes to administer our business, to provide you with quality service and to offer various products or services from Dorsett Hospitality International and its group of hotels that may be of interest to you. We take appropriate steps to protect Data collected against unauthorised access, disclosure or alteration, and to keep such Data up to date.
This data privacy statement and security policy (“Statement and Policy”) contains general and technical details about the steps we take to respect your privacy concerns. We have categorised this Statement and Policy by major processes and areas so that you can review the information of most interest to you.
(1) Data we collect and how we use it
(2) Internal Controls
(3) How we store and transmit Data
(4) How we track customer usage on our website
(5) Emails about Special Offers and Promotions and Opt-Out
(6) How long will Data be retained for?
(7) Notifications in the event of breach
(8) Other Sites
(9) Children’s Policy
(10) Legal Disclaimer
Please read this Statement and Policy carefully before submitting any Data to us, if, after reviewing this Statement and Policy you have any privacy questions or concerns or would like to request access to, correction or object to the processing of your Data for legitimate purposes, please send an email to email@example.com or send a letter or fax to:
Dorsett Hospitality International
18/F., Far East Consortium Building
121 Des Voeux Road Central
Central, Hong Kong>
Please allow 10 business days for us to process any correction of Data.
In order to protect your Data, we will require that you prove your identity to us in relation to your request to access your Data, which may consist of a copy of a government-issued identification; your signature and correspondence address so that we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application maybe kept and added to your Data.
This Statement and Policy was written on 20th June 2013. In the future, we may need to make additional changes. All additional changes will be included in the latest Statement and Policy published on this website, so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclose that information to third parties. You will know when this Statement and Policy was last updated by looking at the date at the top of this Statement and Policy. Any changes to this Statement and Policy will become effective upon its posting on this website. We will seek your consent to any substantial changes of how we may use or disclose your Data if requested by law. Continued use of our services following such changes constitutes your acceptance of the revised Statement and Policy then in effect.
(1) Data we collect and how we use it
When you request a particular service from us or otherwise interact with Dorsett Hospitality International and our group of hotels, we will ask you to voluntarily provide us with Data that we need. For example, if you would like us to make a reservation at one of our hotels, we will request for Data such as your name, address, telephone number, email address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your email address to send an email confirmation of your booking, a pre-arrival message summarising your confirmation details and preferences, and post-stay marketing message. Such pre-arrival message will include other information about the hotel, the area and the weather and post-stay marketing message may include invitation to participate our online survey and/or with promotion materials for your next booking.
The same type of information may be requested when you make any online enquiries.
For hotel reservations, we may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin and destination) and room preferences to better prepare ourselves for your arrival and to serve you better before your departure.
For non-hotel related operations provided by Dorsett Hospitality International and its hotels including but not limited to residential and commercial leasing, and operation of airport lounges, clubs and food and beverage outlets, we may ask you for data such as your name, address, telephone number, email address, identity card or passport details, tenancy particulars, employment particulars, club membership particulars, bank account and credit card information (including credit card number, code and expiry date) for payment purposes. We collect and use such Data to administer our business, and to offer various related products or services that may be of interest to you as a patron, tenant or club member.
1.1 Anonymous Browsing
Visitors to www.dorsett.com, www.dorsetthotels.com, www.dcollection.com, www.silkahotels.com (our “Websites”) do so on an anonymous basis. We do not collect personal data from you unless you voluntarily and knowingly provide us, for example when you reach our Websites through our electronic direct mail, or where you have created a profile or account under our Websites and/or when you are making inquiry, reservations/bookings.
1.2 Making a room reservation and check in at a Dorsett Hospitality International hotel
The Data that you provide to us for making a reservation is made available to the applicable hotel for the purpose of completing your reservation request. If reservation is made through our Websites, Data will be passed via a third party system to our hotel operating systems under data encrypted environment. We may also need to collect information as required by local laws such as passport numbers, type of entry visa and driver’s license. Upon check in, your Data will be verified by our staff and you will be requested to indicate whether you wish to opt in and receive hotel promotional literature. At times, we may make certain Data available to strategic business partners such as mail houses and email service providers for the sole purpose of mailing and dissemination of promotional materials for Dorsett Hospitality International and its related facilities only.
Data will not be shared with third parties for their own marketing purposes.
If you are making reservation through Wifi or any other wireless internet connection, you should understand and accept the risk of entering personal data through these internet connection methods, which is out of Dorsett Hospitality International’s responsibility. Data encryption process begins when you arrive and accept the SSL certificate at the booking engine page and when data is passing from the third party PCI compliant central reservation system to our PCI compliant operating systems. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
1.3 Making a room reservation through our hotels
You can make a reservation by calling a particular hotel. When making a reservation, you will be asked to provide Data such as your name, address, telephone number, and method of payment, credit card details, room preferences and special requests. If you choose to provide us with your email address, a confirmation and a pre-arrival message of your reservation will be sent to you by email.
1.4 During your stay at a hotel
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room. We also record the information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, other stay specific information may also be stored in the property management system, such as your food and beverage preferences and other special requests. Certain information regarding your service preferences may be made available to other Dorsett Hospitality International hotel through our central database.
1.5 Accessing our websites from mobile devices
You can access our website from mobile devices to find hotels and/or restaurants operated by the Dorsett Hospitality International group. You can make a reservation from mobile devices. When you make a reservation using mobile devices, you may need to provide certain Data such as name, email address and credit card information for guarantee purposes. You should also understand and accept the risk of entering personal data through WiFi or any wireless internet connection, which is out of Dorsett Hospitality International’s responsibility Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
1.6 Creating and updating your account information
For hotel related services, upon completing an online room reservation, you can set up, review or update your information online. When enrolling for our newsletter, you will be required to provide certain Data such as name, email address, mailing address, room preferences and service requests. Such Data will be stored in our email marketing tool service provider which follows a strict data privacy law and be used strictly by Dorsett Hospitality International and business units owned, managed, and/or affiliated by Dorsett Hospitality International for communication to subscribers and marketing promotion only. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
1.7 Food and Beverage Outlet Reservations
We collect Data such as your name and phone number when you make a reservation at our food and beverage outlets. If you are a repeat guest at our food and beverage outlets or have filled out our food and beverage questionnaire, we may store your Data in our databases used by Dorsett Hospitality International’s and business units’ operation and marketing teams that are owned, managed, and/or affiliated by Dorsett Hospitality International to serve you better upon your return.
1.8 Third Party Providers
This Statement and Policy does not apply to our processing of Data on behalf of, third party providers who may collect Data from you and provide it to us. In this situation, we would merely act as a data processor and thus you should review applicable third party providers’ privacy policies before submitting Data to them.
1.9 Fraudulent emails
Please note that Dorsett Hospitality International will never send you an email requesting your password, credit card number or passport, personal identity card or social security number. If you receive any suspicious emails that look like our group, but ask you for your credit card, number of passport, personal identity card or social security number, it is likely a fraudulent email or ‘phishing’. We recommend that you do not reply to the email or click onto any links or pop-up messages and report to the local authorities which handle fraudulent emails. If you believe ‘phishers’ have gained access to your personal or financial information, we recommend that you also change your password (s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
1.10 Unsecure communication
It is important to note that all email communication is not secure. There is a risk inherent in the use of email. Please be aware of this and when requesting information or sending forms to us by email, for example, from the ‘Contact Us’ section of our website. We recommend that you do not include any sensitive information including credit card details when using email or using any public computers/public WiFi. Our email responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the internet is guaranteed to be secure.
(2) Internal Controls
Our Statement and Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the number of individuals within the companies with access to Data to those directly involved in the process of providing quality service to you. Your Data may be shared with companies forming part of Dorsett Hospitality International and its affiliated entities.
(3) How we store and transmit data?
3.1 Our databases and operating & marketing systems
We store certain customer information and reservation details in our databases used by operation and marketing. These systems, owned and managed by Dorsett Hospitality International or by selected third party vendors, are carefully selected to secure the Data. The databases may include Data, such as, guest name, address, phone numbers, position, company name and/or credit card information. Systems with databases that will be storing credit card information are PCI compliant. We may also store other information such as your room, food and beverage, other preferences and transaction history. This information may be shared and/or used by Dorsett Hospitality International and its owned, managed, and/or affiliated business units for marketing and/or analysis purpose to enhance customers’ experience and communication with them prior to, during, and after the stay.
3.2 Certain of our group operations maintain marketing databases of customer information which are used for marketing, promotion and research, understanding and analysing customer behaviour and customer profiling to improve our services.
Because laws applicable to personal information vary by country, Dorsett Hospitality International and its owned, managed, and/or affiliated business units may put in place additional measures that vary depending on the applicable legal requirements.
From time-to-time, we may request information from you through contests. Participation in these contests is completely voluntary and you have a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information gathered from contests will be used to notify the winners and award prizes. Demographic information will be used for purposes of monitoring and improving your experience on this site.
We may co-sponsor some contests on our site with other companies. If you enter one of these contests, our co-sponsor may receive the information collected or may collect the information directly. In such cases, we will tell you who is collecting your information, how our co-sponsor may use the information and how you can contact our co-sponsor.
3.4 Secure transmission and storage of data
We treat all Data that you provide to us as confidential information. We do not have that yet, so delete. We use an industry standard for encryption over the internet, to protect the Data. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive Data is encrypted as it travels over the internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the window browsers.
3.5 Data transmission across international borders
As a global company, we endeavour to provide you with the outstanding services . To achieve this goal, we have established a global network comprised of properties, offices, trusted service providers, and trained associates in locations where we operate. The nature of our business and our operations require us to transfer your Data to other group companies, properties, centers of operations, data centers, or service providers that may be located in countries outside of your own for the purpose mentioned in this Statement and Policy. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, Dorsett Hospitality International will take appropriate steps to ensure that your Data is protected and handled as described in this Statement and Policy. Therefore, in addition to the implementation of this Statement and Policy, Dorsett Hospitality International will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Data to recipients (which may be internal or external to Dorsett Hospitality International) located in a country with a level of protection though different from the one existing in the country in which your Data is collected.
3.6 Disclosure of information to third parties
In addition to the required information sharing described above, we use the services of third party agents, such as email service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Data to business units/entities not owned by, managed by, and/or affiliated with Dorsett Hospitality International for any use unrelated to our group operations or use of Data by third party for their own purposes. Dorsett Hospitality International will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Data to the third party service providers located in a country with a level of protection though different from the one existing in the country in which your Data is collected.
(4) How we track customer usage on our website
To enhance your experience on our website, some of our web pages may use "cookies." Cookies are text files that we place in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally-identifiable information unless you choose to provide this information to us by, for example, registering for one of our services. However, once you choose to furnish the site with your personally-identifiable information, this information may be linked to the data stored in the cookie.
Web analytics services may be designed and operated by other companies on our behalf. They do this using small invisible images known as "web beacons" or "tracking pixels (in the next point)" that may be included in the Digital Products and Services. These are used to count the number of times something has been seen. These web beacons are anonymous and do not contain or collect any information that identifies you.
Cookies allow web analytics services to recognize your browser or device and, for example, identify whether you have visited our websites before, what you have previously viewed or clicked on, and how you found us. The information is anonymous and only used for statistical purposes. It allows us to track information, such as how many individual users we have and how often they visit our websites. It also helps us to analyze patterns of user activity and to develop a better user experience. For example, we might see that many people who viewed Special Offer also viewed Local Guide and we can then recommend Local Guide for everyone.
Web analytics data and cookies cannot be used to identify you as they never contain personal information such as your name or email address. However, if you have registered and signed in to your registered account with us, we may combine information from your registration with the data we get from the web analytics service and its cookies (or similar technologies) to analyze how you and other people use our websites in detail and, where you have opted in to receive communications from us, to send you email and other communications that might be of interest to you. The combined information may include information that is collected by the web analytics services while you are not signed in, and information that was collected using cookies and similar technologies before you registered or signed in. Where the combined information can be used to identify you, we use it in accordance with this Statement and Policy.
You may set your browser to block Cookies (consult the instructions for your particular browser on how to do this), although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website.
• Cookies may be placed on your device by our third party service providers which remember that you have visited a website in order to provide you with targeted adverts which are more relevant to you and your interests. This is often called online behavioural advertising (OBA) (also known as ‘behavioural targeting' or ‘remarketing’ or ‘retargeting’ or ‘interest based advertising') and is done by grouping together shared interests based upon previous web browsing activity. Advertising may then be displayed to you when you visit our websites or other websites, that are built with these third party service providers’ advertising elements, which matches these interests. Your previous web browsing activity can also be used to infer things about you, such as your demographics (age, gender etc.). This information may also be used to make the advertising on any of these websites more relevant to you.
• Personalised retargeting is another form of OBA that enables our advertiser partners to show you adverts based on your online browsing away from our websites. For example, if you visited the website of a retail company you may start seeing adverts from the same retail company displaying special offers or showing you the products that you were browsing when you come to our websites. This allows companies to advertise to people who previously visited their website. These cookies will usually be dropped by third-party advertising networks, such as Criteo, Rubicon and Vibrant Media. A list of our main advertising network partners is set out below – Other third party cookies.
Although these cookies can track your visits around the web they don't know who you are.
Without these cookies, online advertisements you encounter will be less relevant to you and your interests.
4.2 Other third party cookies
Please note that on some pages of our websites you may notice that cookies have been set that are not related to Dorsett Hospitality International or our authorised service providers. When you visit a page with content embedded from, for example, YouTube or Facebook, these service providers may set their own cookies on your web browser. These anonymous cookies may be set by that third party to track the success of their application or to customize their application to you. Dorsett Hospitality International does not control the use of these cookies and cannot access them due to the way that cookies work, as cookies can only be accessed by the party who originally set them. You should check with these third party websites for more information about these cookies.
4.3 How to control your cookies
4.3.1 Managing cookies in your browser
Most modern browsers will allow you to:
• See what cookies you've got and delete them on an individual basis.
• Block third party cookies.
• Block cookies from particular sites.
• Block all cookies from being set.
• Delete all cookies when you close your browser.
You should be aware that any preferences will be lost if you delete cookies. Ironically, this includes where you have opted out from cookies, as this requires an opt-out cookie to be set. Also, if you block cookies completely many websites will not work properly.Therefore, we do not recommend turning all cookies off.
If you are primarily concerned about third party cookies generated by advertisers, you can turn these off separately. This is discussed in more detail below.
The links below take you to the ‘Help' sections for each of the major browsers so that you can find out more about how to manage your cookies.
(Note: The above URLs are for reference only and they are not content owned and manged by Dorsett Hospitality International)
4.4 Pixel Tags
Our group and our third-party service providers may use pixel tags (also known as ‘clear gifs’, ‘beacon gifs’ etc), tracking links and/or similar technology to:
- Track customer response to Dorsett Hospitality International advertisements and website content.
- Determine your ability to receive HTML-based email messages. Our email service provider includes a pixel tag, which they refer to as a ‘coded sensor’ in all of the HTML-based messages sent on our behalf. The sensor activates when the email message is opened and flags the email address of the user as one that is capable of receiving HTML-based email messages. This capability helps our service provider to send the email in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor.
- Know how many users open an email and allow our service provider to compile aggregated statistics about an email campaign for us, and
- Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your Data will not be collected apart from what you voluntarily provide us in your dealings with our group operations.
4.5 Google Analytics
Google Analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of all domains owned by Dorsett Hospitality International including, www.dorsett.com, www.dorsetthotels.com, www.silkahotels.com, www.dcollection.com and all websites' pages under these domains to prepare reports on its activities and share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.
(5) Email about special offers and promotions and Opt-out
It is our intention to only send you mail and email communications that will be useful to you and that you may want to receive. When you indicate that you would like to receive promotional material either on a guest registration card or when you subscribe for our newsletter, or patronise our restaurants and provide your email address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via email and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to Dorsett Hospitality International, and restaurants as well as other services operated by our group companies. We typically use third party email service providers to send emails. These service providers are contractually prohibited from using your email address for any purpose other than to send emails related to our group operations. Data will not be shared with third parties for their own marketing purposes.
We provide you the ability to unsubscribe from all marketing communications. You may opt-out of receiving promotional materials by emailing to us at firstname.lastname@example.org with subject – Unscribe to Newsletter from (hotel name) or by mail sending to Sales & Marketing Department:
(Dorsett Hospitality International
18/F., Far East Consortium Building
121 Des Voeux Road Central
Central, Hong Kong)
Please allow 10 business days for us to process your opt-out.
(6) How long will Data be retained for?
Your Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information.
Data may be stored by Dorsett Hospitality International and other group operations as long as required for the business purpose for which these Data are processed.
Credit card data will be removed base on PCI compliance requirements.
(7) Notifications in the event of breach
In the unlikely event of a Data breach, we are prepared to follow the relevant laws and regulations which would require us to notify you of the same.
(8) Other Sites
(9) Children’s Privacy
This website is not intended for children and minors and we do not knowingly solicit or collect Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Data without your permission.
(10) Legal Disclaimer
This privacy statement complies with the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of Hong Kong Special Administrative Region as well as applicable local laws.
As an international business with operations in different parts of the world, we may need to disclose Data when required by relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when we have reason to believe that disclosing the Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be casing interference with our guests, visitors, associates, rights or properties (including this website), or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
Dorsett Hospitality International reserves the right to change, modify or amend this Statement and Policy at any time. However, if there are changes made to the use of users' personally identifiable information in a manner different from that stated at the time of collection we will notify you by posting a notice on our website for 30 days.
Last Updated on <20th June 2013>