I. Introduction

II. Categories of Information We Collect

III. What are Cookies?

IV. Disclosing Personal Data to Third Parties

V. International Transfers of Personal Data

VI. Third Party Websites

VII. Security and Storage of Personal Data

VIII. Your Rights

IX. Cookies Policy

X. Internet Privacy Notice Changes

I. INTRODUCTION

Tai O Heritage Hotel (referred to herein as “we”, “us”, or “our”) recognise that privacy is an important issue. This Internet Privacy Notice informs you about the type of personal data we collect on this website, the third parties with whom we might share such information, and how you can review or change the personal data you provide to us. We are dedicated to respecting your privacy and safeguarding your personally identifiable information (“personal data”).

Providing your personal data to us is voluntary, however if you do not provide this information we may not be able to provide you with the products, services or information you have requested.

When disclosing personal data to us, please ensure that the data you provide is complete and accurate. You will notify us immediately of any changes to relevant personal data so that we can update our records. To the extent permitted by law, we may take any action with respect to your personal data that we deem necessary or appropriate if we believe that it may cause us, or any third party, to suffer any loss, liability or damage.

You agree that where, in connection with our website, you submit personal data relating to third parties, you will have their consent to submit and process such data for a specified purpose(s) and that you will be responsible for any claim they may have that their information has been misappropriated from them or provided to us without their consent. We may contact the third party to confirm their consent to the relevant purpose(s) for processing their personal data.

Additional information about the terms of use of our website is available in our Site Usage Agreement. Please click here for further information.

This Internet Privacy Notice applies only to the personal data that is collected on those websites where we post this notice, as well as personal data that is generated by the website.

II. CATEGORIES OF INFORMATION WE COLLECT

The information including personal data that we collect may include but not limited to:

1. Your name, gender, date of birth, marital status, occupation and the particulars of your registered status with any of our subsidiaries, associated companies and / or partners;

2. Your contact information such as telephone numbers, mailing addresses, e-mail addresses and fax numbers;

3.  Your credit card or relevant payment information;

4. Your passport information including passport number, nationality, and a copy of your physical passport;

5. Your login and password details, so that we can retrieve your login details if you forget or lose them;

6. Booking and billing data that may be generated at the time you make an online booking via our website, or a third party partner website;

III. WHAT ARE COOKIES?

Making Reservations

When you make a reservation or purchase hotel accommodation, your request will be passed to a Tai O Heritage Hotel’s reservation website that will request your name and address along with other information which personally identifies you to assist with your reservation and stay such as credit card information including its number and related details, date of arrival / departure, membership number (if any), and room preferences. We need to process your data in this way in order to perform our contractual obligations to you in relation to products and services you have requested, and to process your registration at our hotel.

We also collect personal data in relation to the following services.

Sweepstakes and Contests

On occasion, we conduct sweepstakes and contests that offer the opportunity to win prizes. Each sweepstake has its own Terms and Conditions for your acceptance. Some sweepstakes require you to choose to enter and for others you will be entered automatically if certain conditions are met (e.g., making a reservation with a certain credit card). As part of entering a sweepstake, certain personal data such as name, credit card details and email address may be required. From time to time we may partner with other companies mentioned below to provide co-sponsored or co-branded promotions, products and services and may share your personal data with our co-sponsor. If you enter one of these sweepstakes or contests, you shall accept the Terms and Conditions and we may share your personal data with our co-sponsor or the third party sponsor. We need to process your personal data in this way in order to perform our contractual obligations to you in relation to a sweepstake or contest. If you do not accept the Terms and Conditions, we will not be able to offer these opportunities to you.

Contacting Us by E-mail with Questions or Comments

When you send us an email or message us from one of our sites, we may retain information such as the content (including any follow up questions you may have), your email address, and our response. We may use this information, for example, to measure how effectively we address customer concerns online, to personalise your experience, and to continuously improve our service to you. It is in our legitimate interest to process your personal data in this way, as it allows us to deliver the type of content and product offerings in which you are most interested, to better understand and meet your needs, and to enhance our relationship with you. It also enables us to maintain high levels of customer service and responsiveness.

Please click here to view the Site Usage Agreement for more details on the use of materials you submit to us.

Direct Marketing

We intend to use your personal data (such as name, email address and phone number) to send marketing materials or make appropriate promotional offers to you. The marketing or promotional materials may cover the following: (i) room/apartment/house stay; (ii) catering, food and beverage; (iii) hotel and hospitality; and (iv) any products, services or facilities which we think may be of interest to you. We may share your data or enable our Partner Companies and/or other third party service providers to send direct marketing materials and make promotional offers to you if we feel these might be of interest to you, in relation to the same classes of marketing subjects. For promotional or marketing purposes, a list of classes of persons to whom your personal data may be transferred can be found at www.taioheritagehotel.com.

We will only use your personal data for direct marketing or promotional purposes if you have provided your consent (or your indication of no objection) for us to do so. We will not send such messages to you if you have unsubscribed from receiving these messages (please see “Your Rights” below for further information).

Electronic Postcards and Forwarding to Friends

From time to time, our websites may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend. If you choose to do so, we will ask you for your name and e-mail address, and the recipient’s name and e-mail address, along with the text of any message you choose to include. It is in our legitimate interest to process personal data in this way in order to offer this type of interactive feature on our website, and thereby improve the overall appeal of our website to customers.

Online Surveys

Occasionally, we may conduct online surveys to better understand the effectiveness of our websites. Your participation in these surveys is voluntary. Information collected by us when you participate in a survey may include name, street address and e-mail address. We will only process your data in this way if you have provided consent for this type of processing.

Employment

If you choose to apply for employment online, you will be required to provide your name, street address, telephone number, email address, education background and employment history. You will also be asked to provide other relevant information for such purpose, e.g. to attach your resume to our electronic form. You will be asked to provide your email address if you choose to be notified of any future openings. It is in our legitimate interests to process personal data of online employment applications at the request of a data subject seeking to obtain employment (prior to the agreement of an employment contract) and to assess the suitability of the data subject for the opening.

User Account

When making a reservation, we may offer you the option to register for an account with us. We will ask you to select a username and password, and provide your name and contact information. In addition, if you choose to, you can include credit card information, room preferences and select the email newsletters to which you would like to subscribe. We will only process your personal data in this way if you have provided consent for this type of processing.

Aggregating Website Data

We aggregate statistics, responses to any surveys and questionnaires, traffic patterns and related site information and disclose such aggregate data to third parties for marketing, advertising or other promotional purposes but such aggregate data will not include any personal data. To enable us to monitor and improve our websites, we gather and record on our servers certain aggregated information about you when you use it, including without limitation, details of your operating system, browser version, domain name and IP address, the URL you came from and go to and the parts of our websites you visit. Such information is primarily used to provide you with an enhanced online experience. To the extent that such data is not fully anonymised and continues to constitute personal data, it is necessary for our legitimate interests to process this data in order to monitor and enhance our website offering, and ensure the website is functional and user-friendly.

Legal Grounds

We will use and disclose your personal data when we believe in good faith that such disclosure is required by law, regulations, order or notice issued by a competent authority or is necessary or desirable to investigate or protect against harmful activities to guests, visitors, employees or others or to property (including these websites) or to protect or enforce our rights under the contract or otherwise with you.

IV. Disclosing Personal Data to Third Parties

In order to conduct our business, and provide products and services to you, we may disclose the personal data that you voluntarily share with us to the following third parties:

1. Hong Kong Heritage Conservation Foundation, and related government departments

2. our business partners (“Partner Companies”) who may offer goods or services or information in relation to our business (including hotels, travel, entertainment, food and beverage, spa, conferencing, fashion, education, transportation, banking and other consumer products and services);

3. agents, contractors, sub-contractors or third party service providers (including the company provide the system for running the programme or the fulfilment house for arranging the membership card and other service providers who support on service delivery to members or provide administrative, telecommunication, computer or other services to us in connection with operation of our business), and / or

4. other third parties who may offer goods or services or information we think may be of interest to you, to provide services and products, process reservations and other transactions you request and to provide you with customer service.

We rely on third party service providers to help us deliver products and services, and programs, offering products and services, providing services in connection with our websites including communicating news and delivering promotional materials via e-mail and direct mail and administering sweepstakes and surveys.

Except as detailed in this Internet Privacy Notice, Tai O Heritage Hotel will not disclose personal data to third parties outside Tai O Heritage Hotel without your consent.

V. How to Access or Correct Your Personal Information

In most instances personal data is processed in the territory where the hotel is located. Personal data may also be transferred to, and stored at, another jurisdiction outside the European Economic Area (“EEA”). We will take steps that are reasonably necessary to ensure that your personal data is treated in accordance with applicable data protection laws, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data.

VI. Third Party Websites

If you enter or choose to leave our websites via links to other non-Tai O Heritage Hotel sites (including those of our advertisers, content providers, vendors, independent hotels, affiliates and partners), your visits to those sites are not covered by this Internet Privacy Notice. We do not control and shall not be responsible for the collection of personal data by third party websites, or websites not controlled or authorised by us and these websites may have their own privacy practices. We accept no responsibility or liability for third party websites’ practices and policies. You should contact the relevant website administrator or web master directly to ask questions about their privacy practices and policies.

VII. Security and Storage of Personal Data

All internet users accept that there is an element of inherent security risk when dealing online over the internet, and we cannot guarantee the security of any personal data you disclose online. You accept the inherent security implications of dealing online over the Internet and will not hold us responsible for any breach of security unless we have been negligent and then only to the limits set out in the Site Usage Agreement. Nevertheless, we take reasonable steps and use appropriate technical and organisational measures to ensure appropriate security of the personal data we hold, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.

We will only retain your personal data for as long as is necessary for the purposes for which that personal data was collected or processed and to the extent permitted by applicable laws. When we no longer need to use your personal data, we will remove it from our systems/records or take steps to anonymise such information so that you can no longer be identified from it (unless we need to keep your personal data for a longer period to comply with legal or regulatory obligations to which we are subject).

VIII. Your Rights

Under the Hong Kong Personal Data (Privacy) Ordinance, you are entitled to access and make changes to any personal data relating to your profile held in our database. You should update the personal data held by us whenever there is a change.

If you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal data is handled by us or third parties on our behalf, you may contact:

Tai O Heritage Hotel

Shek Tsai Po Street, Tai O, Lantau Island, Hong Kong

Email: info@taioheritagehotel.com

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws within a reasonable time, and at least within one month. We reserve the right to charge a reasonable fee for the processing of any such access request. As indicated above, all requests for access to your personal information must be submitted in writing. When communicating your request, please be sure to include your full name, address and telephone number so we can ascertain your identity, and specify clearly the type of enquiry and the original source of data collection. We may ask you to verify your identity in order to help us respond efficiently to your request.

In addition, in some circumstances based on applicable data protection laws, you may request that we cease sharing personal data about you with our business partners or that Tai O Heritage Hotel cease using personal data about you on the grounds that such personal data was acquired by unjust means or used in violation of law by sending your written request to our Data Privacy Officer at email: info@taioheritagehotel.com. We will seek to honour those requests consistently with applicable data protection laws.

Personal Data Received from EU

For individuals in EU (“European Union”) from whom we collect personal data on our website, under applicable data protection laws (to the extent they apply to our website and to you) you shall have the following rights:

· Access You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information.

· Rectification You have the right to have incomplete or inaccurate personal data that we process about you corrected. Please note that you can always make certain adjustments to certain personal data directly through your online account.

· Deletion You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

· Restriction You have the right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.

· Portability You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.

· Withdrawing Consent If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

· Objection Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

· Complaint You have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Please click here for a list of local data protection authorities in the other EEA countries.

User Account

If you have registered User Account with us, the information you provided to us at the time of registration may be accessed, reviewed and updated at any time by logging in to your User Account.

IX. Cookies Policy

We may automatically track and collect your IP address, domain server, the type of computer and type of web browser you are using and use “cookies” to (i) customise website content specific to your interests, (ii) ensure that you do not see the same advertisement repeatedly, (iii) store your password so you do not have to re-enter it each time you use the sites and (iv) improve and update the websites. Some of the websites operated on our behalf are hosted and managed by other companies which may also track and collect this information using cookies.

“Cookies” are small pieces of electronic information (specifically, a string of text) that your browser and your operating system store on your hard drive for record-keeping purposes. Cookies can store a user’s ID and password, personalise home pages, identify which parts of a site have been visited and / or keep track of previous website use, selections or purchases.

We will only use certain cookies if you have provided consent for us to do so the first time you visit our website (we may ask you to provide consent again in future).

At any time, you can choose whether to accept or deny cookies; your browser on your computer is often initially set to accept cookies. However, you can choose to deny cookies and continue browsing the sites.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Performance Cookies Google Analytics stored by Google for 1 day to 2 years, depending on the cookies – We use Google Analytics to help analyse which pages on our website visitors viewed. When you visit our website, your web browser automatically sends certain information to Google. For more information on how Google uses your data, please refer to here. To opt-out, please click here.

Necessary Cookies Travel Click is our website provider and cookies are collected to enhance website performance and security. Cookies are stored for 30 days. For more information on how Travel Click uses the data, please refer to: https://www.travelclick.com/privacy-policy.html

Sabre Hospitality is our hotel central reservation system and pixel tags are used to improve your hotel room reservation experience, such as storing information about your booking preferences to better customize the site according to individual interest. For more information on how Sabre Hospitality uses the data, please refer to: http://www.sabrehospitality.com/privacy-policy

Advertising Cookies DoubleClick stored by Google for 2 years – Google (doubleclick.net) sets cookies to display personalised user marketing on other websites and track transactions made by you on our website. For more information on how DoubleClick uses your data, please refer to https://www.google.com/intl/en/policies/privacy/.

Facebook uses fr and it is stored for 3 months – Facebook (facebook.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on our website. For more information on how Facebook uses your data, please refer to https://en-gb.facebook.com/policies/cookies/.

Triptease Services: We use third-party analytics services to help understand the way our website visitors use our website. In particular, we may provide a limited amount of your information (such as your room search, email address and name, should you provide these) to the Triptease Group (“Triptease”) and utilize Triptease to collect data for analytics purposes when you visit our website to book a stay with us. As our joint data controller, Triptease analyzes your use of our website and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. We may also use Triptease as a medium for communications through live chat or automated messages within our website. Additionally we may take payments through Triptease’s live chat widget Front Desk. Triptease does not retain any payment information and uses the third-party service, PCI-Booking, for such payments. For more information on PCI-Booking use of data, please refer to their privacy policy https://www.pcibooking.net/privacy-policy. For more information on the privacy practices of Triptease, please refer to https://www.triptease.com/privacy-policy/. For more information about Triptease’s use of cookies, please refer to https://www.triptease.com/cookie-policy/.

Sojern uses cid and gid cookies, and are stored for 2 years – Sojern (sojern.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on our website. For more information on how Sojern uses your data, please refer to https://www.sojern.com/privacy/privacy-policy .

Most cookies (other than essential cookies) will expire within two years.

X. Internet Privacy Notice Changes

In the future, we may make changes to this Internet Privacy Notice. The revised Internet Privacy Notice will be dated and be displayed via a pop-up link on this website so that you will know what types of information we gather and the categories of third parties with whom we may share the information, and we will take any further action as required under applicable law, for example, obtaining your consent where we seek to process your personal data for a new purpose(s).

If you wish to opt out of receiving email communications from us, please click the “unsubscribe” link in each email you receive from us. Alternatively, and/or for any questions or concerns about this Internet Privacy Notice, you may contact us at:

Tai O Heritage Hotel

Shek Tsai Po Street, Tai O, Lantau Island, Hong Kong

Email: info@taioheritagehotel.com

This Internet Privacy Notice is written in the English language and may be translated into other languages. The English version shall prevail over the translated version in case of any consistency.