Privacy Policy
This privacy policy (“Privacy Policy”) and sets out how we collect, process, store, disclose and protect your personal data, as detailed below, that we collect from you or that you provide to us through this website and the related websites, social media handles and applications (collectively the “Website”).
We will refer to ourselves from now on in the Privacy Policy as “we” (or by related words such as “us” or “our”). Our hotels are operated by Cycas Hospitality BV Limited.
We are committed to ensure that your privacy and personal information is protected. We want you to trust that the information that you have provided to us is being properly managed and protected. We may update this Privacy Policy from time to time, so please do feel free to check it every so often to ensure you’re comfortable with any changes. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Website.
PERSONAL DATA WE COLLECT
We may collect and process the following personal data about you when you visit the Website or the hotel including through certain offerings or services available at the hotel:
Personal Data | Details |
---|---|
Customer Data | We collect or generate the following types of personal data from you: – Name – Gender – Postal address – Telephone number – Email address – Financial information (such as credit and debit card number or other payment data) – Language preference – Date and place of birth – Nationality, passport, visa, or other government-issued identification data – Important dates: birthdays, anniversaries, and special occasions – Membership or loyalty programme data (including co-branded payment cards, travel partner programme affiliations) – Employer details (for business-related bookings) – Travel itinerary, tour group, or activity data – Data about your family members and companions In more limited circumstances, we may also collect: Generally, we do not collect sensitive or special category personal data from or about you, however, we will collect personal data that you volunteer about you relating to specific dietary, medical or health information, disabilities or personal needs to ensure your wellbeing. We may also process special category data relating to you in the event of an emergency during your stay with us. |
Business Development Data | We collect the following types of personal data from you in connection with our business development activities: – Prior guest stays or interactions (including interactions via our chat functionalities), goods and services purchased, special service and amenity requests – Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts We may also collect information about your “Stay Preferences” that we use to make your current and future stays and experience with us more enjoyable, including information about your interests and other relevant information that we learn about you during your stay. This may also include any likes and dislikes about our services that you tell us about so that we can improve our services. We may also collect your “Personal Preferences,” that may include details of your special anniversaries (such as your birthday or wedding anniversary), what type of activities you prefer to take part in when staying with us, and your hobbies. Personal Preferences may also include details about who you usually travel with, their relationship to you, and your marital status. |
Images, Video and Audio Data | We collect the image, video and audio personal data from you from: (a) security cameras located in public areas, such as hallways and lobbies, in our properties; and (b) body-worn cameras carried by our loss prevention officers and other security personnel. |
Usage and Device Data | When you visit the Website or avail of services related to the Website, we will collect personal data relating to: – your visits and interactions with the Website including which webpages you visit, time and date of access, what you click on, when you perform these actions; – your device data including your IP address, location data, device type and language, browser type and other related information; and – linked websites that you access through the Website. Most of this personal data is collected using cookies on the Website. Please see our Cookie Declaration further below for more information about how the Website uses cookies. |
If you submit any personal data about other people to us or our service providers (e.g., if you make a reservation for another individual), please ensure that you have the authority to do so from these individuals and provide them with a copy of this Privacy Policy.
FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA?
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share information where we are satisfied that we have an appropriate legal basis.
We have set out in the below table the key context upon which (“Legal Basis“) we process your personal data. We also explain how (“Nature of Processing“) and why (“Purposes“) we process your personal data.
Legal Basis | Nature of Processing and Purposes | Categories of Personal Data |
---|---|---|
Compliance with a Legal Obligation | Our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement and other legal, contractual and statutory obligations. It is also necessary for our everyday business purposes in accordance with the law, such as for legal, accounting, or reporting requirements, such as the obligation to maintain books and records, as well as regulatory compliance, security and fraud detection, and/or to enforce our rights. To comply with Health and Safety regulations | Customer Data Business Development Data Health Data |
Performance of a Contract | For bookings, fee subscriptions, purchases, employment as well as provision and receipt of goods and services, including: – To verify your identity. – To manage your registration as a user of our Website, account setup and administration. – To process any payments towards bookings, fee subscriptions and purchases. – To process, confirm, and fulfil bookings at our hotels, restaurants, bars, programming and events. To send transactional messages (such as order confirmations and account information). – To provide and receive of goods and services. – To manage evacuation assistance and comply with Health and Safety regulations. | Customer Data Business Development Data Health Data |
Legitimate Interest | For the individual booking rooms at our hotels, restaurants, bars, gym classes, and events, for example, honouring his/her preferences, as well as for any individuals accompanying the primary guest (e.g., spouse, children, friends), including: – To provide you with access to the Website and to allow you to use the Website. – To personalise our communications. – To provide and improve customer service. – To send you surveys, marketing communications, promotional offers, and other information. To manage and comply with Health and Safety regulations – To protect your rights and interests as well as the rights and interests of other guests. | Customer Data Business Development Data Chat dialogue via Website Health Data Images, Video and Audio Data |
Substantial Public Interest | Collection of Health Data – To provide assistance to guests that may require it when using our services. – To ensure safety of guests when dining. | Health Data |
Consent | Marketing Communications. We may offer you to opt-in/subscribe to newsletters and marketing emails from the hotel or hotel group. |
DATA RETENTION
We only process personal information for a specific purpose for which the data was collected and will only store and use personal information for as long as necessary for this purpose including for the purposes of satisfying any legal, accounting, or reporting requirements. You do not have to provide us with your personal information but in some cases, this means we’ll be unable to fulfill your request.
SECURE ENVIRONMENT FOR PERSONAL INFORMATION
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection and storage of information can never be guaranteed to be completely secure, however, we take all necessary steps to ensure that appropriate security safeguards are in place to protect your information.
YOUR RIGHTS UNDER EU DATA PROTECTION LAWS
You have legal rights under EU data protection laws in relation to your personal information including the following rights:
Right of access by the data subject
Right of access means, in short, that we are required to provide you a copy of your processed personal data upon request. This enables you to check that we are lawfully processing it.
Right to rectification and erasure
Because ownership of your personal information is very important, you have the right to ask us to rectify any information about you which is incorrect and ask us to erase your personal information if you think we no longer need to use it for the purpose we collected it from you. This applies also to the following situations: if you have either withdrawn your consent to us using your information (if we originally asked for or relied on your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
Right to restriction of processing
In certain circumstances you can ask us to restrict our use of your information, for example: where you think the information is inaccurate and we need to verify it; where our use of your information is unlawful, but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
Right to object
EU data protection laws give you the right to object to the processing of your personal information in certain circumstances if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information. You can also ask us to stop using your data for direct marketing purposes.
Data portability
Where applicable, it is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if the processing is based on consent or on a contract, and the processing is carried out by automated means.
Complaints
You have a specific right to lodge a complaint with the relevant supervisory authority, in the country in which you reside, where you work or where the subject matter of the complaint took place. The supervisory authority will then tell you of the progress and outcome of your complaint. A list of supervisory authorities in the EU is available here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member-ie
SHARING YOUR DATA
Depending on the purpose for which we process your personal data, we may share such personal data with some or all of the following recipients to the extent necessary:
- Internal/ intra-group entities: Other companies within our group, internal departments and services (such as our hotel staff, concierge, customer service team, sales department, marketing department or IT department).
- Service providers: service providers such as operators, travel agents, insurance companies.
- If we obtain CCTV footage, we do not disclose such data except as necessary to protect our rights and interests and the rights and interests of other persons, including law enforcement.
- Third party advisors/ professionals: Professional advisors who provide professional services to us e.g. consultants, auditors, legal advisors.
- Regulatory authorities and law enforcement agencies: Where we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- Third party service providers: We engage third party suppliers who may process your personal data on our behalf for the above purposes. These include the following:
- Administrative services.
- Processing of payment services.
- Marketing, Advertising and communication services.
- Website and data hosting providers.
- Corporate social responsibility services.
- Maintenance services.
- Physical security services.
- Archiving, custody, storage and digitalization services.
- Document removal and destruction services.
- IT services]Vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us provide the Site to you or who help us detect, prevent, investigate or otherwise manage crime or commercial risks (such as fraud);
- with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers, your employer, our partners, foreign embassies) in order to fulfill contractual obligations;
- Promotional Activity.
We partner with third parties who may provide promotions to you, such as sweepstakes, contests, or other offers.
- Linked Accounts and Travel Insurance
We partner with certain third parties that allow you to enroll in their services or purchase their products.
COOKIES DECLARATION
This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of the website with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services or other third-party services.
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your prior consent. This website uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on the website.
TYPES OF COOKIES ON OUR WEBSITE
Necessary
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preferences
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistics
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
INFORMATION ABOUT OUR COOKIES
We also use third party advertising technology to serve hotel advertisements to you on other sites. The technology gathers anonymous data about your website visits and visits to other sites where hotel advertisements appear to serve you with hotel advertisements on third party sites. When these advertisements are served to you, third party persistent cookies may be put on your computer.
For example, we use third party persistent cookies to serve you customised advertisements on third party sites based on your interaction with the website. As you browse the website, advertising cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partner, then enables us to present you with retargeting advertising on other sites based on your previous interaction with the website. The techniques our partners employ do not collect personal data.
The hotels, through their respective third-party advertising/marketing vendors, may also use pixel tags to collect anonymous data. The pixel tags are computer coding usually fixed to Site pages or emails that allow our vendors to anonymously collect certain pieces of information. The hotels, in conjunction with our advertising/marketing and email vendors, may use pixel tags to:
- Allow our advertising/marketing vendors to recognise cookies on your browser when you visit the website. This assists our advertising/marketing vendors to determine if you reached the website by clicking on a specific ad and/or to track your responses to hotel advertisements served on third party sites. It may also reveal if a reservation was executed.
- Determine your technical ability to receive HTML emails. The pixel tag allows us to know if an email sent to you is opened and marks email addresses as ones that can receive HTML emails.
- Determine how many users open a specific email. This allows us or our email vendor to collect anonymous and aggregated statistics about a specific email blast or campaign.
- Allow us or our third-party advertising/marketing vendors to deliver targeted advertising on third party sites.
- Allow us to make the website more usable and make our customer support better.
- Allow us to deliver you promotional materials, offers, and other information that we believe would be relevant.
Google AdWords: We may use Google AdWords, a web analytics and search engine advertising campaign management service. Google AdWords uses cookies, web beacons, and other means to help us analyse how users use the site. You can find Google’s Privacy Policy at http://www.google.com/privacy.
Analytics: We also collect data through Google Analytics, which uses cookies and technologies to collect and analyse data about use of the Services. These services collect data regarding the use of other sites, apps and online resources. You can find out more about Google’s practices by visiting www.google.com/policies/privacy and opt out by downloading the Google Analytics opt out browser add-on.
DISABLING COOKIES
You may set or configure your browser to block or disable cookies. Instructions for managing your browser cookie preferences can be found via the following links:
For more information on how to manage cookies, please visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm.
Please note that by disabling cookies, this could affect your use of the website and/or restrict your interaction with the website. The website currently does not respond to “do not track” requests. Please note that our advertising/marketing vendors may handle “do not track” requests differently from the hotels.
USE OF SERVICES BY CHILDREN, MINORS, QUASI-INCOMPETENT PERSONS, AND INCOMPETENT PERSONS
Except where required by local laws, we do not knowingly collect personal data from minors, quasi-incompetent persons, and incompetent persons. If you are a minor, quasi-incompetent persons, and incompetent persons, you may only use our Website, services and offerings with the permission of your parent, or guardian, or curator.
If you are in the EU, our online services/ Website are not directed at children under the age of 13. If you believe we have collected information about a child under the age of 13, please contact us so that we may take appropriate steps to delete such information. If you are at least 13 but under the age of 16, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
If you are in the People’s Republic of China, our online services/ Website are not directed at children under the age of 14. If you are under the age of 14, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
If you are in Thailand, our online services/ Website are not directed at children under the age of 20. If you believe we have collected information about a child under the age of 20, please contact us so that we may take appropriate steps to delete such information. If you are under the age of 20 and other legal exceptions cannot be relied on, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
INTERNATIONAL DATA TRANSFERS
We are a global organisation and provide global services. Transferring data internationally is essential to the services we provide, so that you receive the same high-quality service wherever you are in the world. As a result, we will, subject to law and by ensuring that the personal data will be sufficiently protected, transfer personal data and other data collected in connection with the Website, to entities in countries where data protection standards may differ from those in the country where you reside, including outside the EEA, UK, or Switzerland. By making a reservation, visiting, or staying at our properties or using any group branded service, you understand that we transfer your personal data globally.
Where international data transfers occur, we ensure that appropriate safeguards are in place by ensuring that an appropriate transfer mechanism, such as Module 2 of the Standard Contractual Clauses (as approved by the European Commission) or an adequacy decision of the European Commission, is in place to protect your personal data.
In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.
CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information in the following ways:
Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at privacy@cycashospitality.com.
There is also a clear opt-out method included in each email communication, via an ‘unsubscribe’ link. You can also choose to be removed from our database at any time by contacting us on privacy@cycashospitality.com with the subject ‘unsubscribe’.
DATA CONTROLLER / CONTACTING US
For general data protection regulation purposes, the “data controller” is Cycas Hospitality BV.
If you have any questions about this Privacy Policy, please contact us by email at privacy@cycashospitality.com or by mail:
Cycas Hospitality BV
Danzigerkade 175
1013 AP, Amsterdam
The Netherlands
This browser is no longer supported
In order to have the best experience, please update your browser. If you choose not to update, this website may not function as expected. Clicking the button below will help you to update your browser.
Update Your Browser Continue Without Updating