Privacy Policy

Welcome to our Privacy Policy

1 Introduction
We use your personal information in order to fulfil our commitment to providing an unparalleled guest experience in connection with all of your interactions with our site (the “Purpose”). As part of that undertaking, we are committed to safeguarding the privacy of the personal information that we gather.

As one of our guests or someone else with whom we do business, we collect, use and disclose your personal information in accordance with this Privacy Policy for Guests (this “Policy”).

2 The Application of this Policy
This Policy applies to personal information regarding guests and the other individuals from the European Union, United Kingdom and Switzerland with whom we do business and to the use of that personal information in any form, whether oral, electronic and/or written.

This Policy gives effect to our commitment to protect your personal information and has been adopted by all of the separate and distinct legal entities that manage, operate, franchise, license, own and/or provide services to the various locations operating under or in connection with our brands 

While this Policy is intended to describe the broadest range of our personal information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country/region may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we adjust our internal policies and/or practices to reflect the requirements of local law.

3 Types of Personal Information We Collect
The term “personal information” in this Policy refers to information that identifies or is capable of identifying you as an individual. The types of personal information that we process (which may vary by jurisdiction based on applicable law) include:

your name, gender, personal and work contact details, business title, date and place of birth,nationality, and passport. 
guest stay information dates of arrival and departure, goods and services utilised, special requests made, observations about your service preferences (including room and vacation preferences), telephone numbers dialed and faxes, texts and telephone messages received;
your credit card details, payment method details and your guest program and any frequent flyer or travel partner program;
any information necessary to fulfil special requests (e.g., health conditions that require specific accommodation or services);
information, feedback or content you provide regarding your marketing preferences, in surveys, sweepstakes, contests or promotional offers, or to our websites or apps and those of third parties;
information collected whilst at our hotel Location through the use of closed circuit television systems, internet systems (including wired or wireless networks that collect data about your computer, smart or mobile device, or your location), card key and other security and technology systems;
information collected whilst you access our website (we describe this in more detail in Sections 7 and 8 below);
contact and other relevant details concerning the employees of corporate accounts and vendors and other individuals with whom we do business (e.g., travel agents or meeting and event planners); and in limited cases, information relating to the credit of customers.

Much of the personal information we process is information that you or someone acting on your behalf knowingly provides to us. However, in other instances, we process personal information that we are able to infer about you based on other information you provide to us or during our interactions with you, or personal information about you that we receive from a third party (such as your travel agent, airline, employer (where your employer books travel for you), or your third party card or loyalty scheme provider). This Policy also applies to the personal information about you that we receive from a third party, unless specifically covered by such third party’s privacy policy.

There may be instances in which the personal information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws of some countries or regions. Those laws define “Sensitive Personal Information” to mean personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional association, physical or mental health or condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual life or sexual orientation. In some very rare instances, financial records may constitute Sensitive Personal Information where you are located. If we rely on consent to process your Sensitive Personal Information, you have the right to withdraw that consent at any time. We only process Sensitive Personal Information in your jurisdiction if and to the extent permitted or required by applicable law.

Save to the extent required by law, you are not obliged to provide us with any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services from us.

4 How We Use Personal Information

Subject to applicable laws, we may collect, use and disclose portions of your personal information in order to:
provide and charge for hotel accommodation and other goods and services;
provide you with a better or more personalized level of service, including information and services from a third party (such as additional guest services at our otels and resorts, local attractions and transportation options);
facilitate services on your behalf, including restaurant and transportation transactions;
administer our frequent guest program if available.
fulfil contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g., travel agents, group travel organizers or your employer) and vendors (e.g., credit card companies, airline operators and third party loyalty programs);
conduct market research, customer satisfaction and quality assurance surveys, and direct marketing and sales promotions (although please see Section 9 below for more information about how we conduct direct marketing);
provide for the safety and security of staff, guests and other visitors;
administer general record keeping;
meet legal and regulatory requirements;
test and evaluate new products and services; and
process credit applications 
When we process your personal information as one of our guests or someone else with whom we do business, we do so in our legitimate interests (as detailed above), because of legal obligations we are subject to or because the information is required to fulfil contractual obligations to you, anyone involved in making your travel arrangements (e.g., travel agents, group travel organizers or your employer) and vendors (e.g., credit card companies, airline operators and third party loyalty programs).

We use and retains your personal information for as long as is necessary to fulfil the purpose for which it is being processed, and in line with our legal and regulatory obligations and risk management guidelines. For example, reservation records are retained for a period of five (5) years following the year in which the reservation was made, and sales contracts are retained for a period of Statute of Limitations plus ten (10) years. Personal information in records may be maintained for longer periods if subject to a legal hold or specific country/region requirement.

5 Disclosures of your Personal Information
From time to time, we may disclose your personal information. We would always make that disclosure in accordance with applicable law.

Circumstances where we might make such disclosure (in addition to those described in Section 4 above) include:

5.1       Our Agents, Service Providers and Suppliers
Like most hotel brands, we may outsource the processing of certain functions and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, we oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures. A list of the categories of third party agents, service providers and suppliers to which your information may be transferred may be found here.

5.2       Consumer Insights
Where we hold personal information about you, we may disclose this personal information to other companies that also hold information about you. These companies may combine the information in order to better understand your preferences and interests, thereby enabling them and us to serve you better. If your personal information is used for direct marketing purposes, you have the right to object to that by contacting us using the contact information provided under Section 12 below. Further information about how we conduct direct marketing may be found at Section 9 below.

5.3       Credit Authorization
When you request credit, your personal information will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.

5.4       Business Transfers
As we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a location. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets.
Once the personal information is transferred to the credit card network operator, credit card issuer, your employer or corporate client and/or their respective subcontractors, it is no longer subject to the protections described in this Policy, but rather your own arrangements with your employer or corporate client, the relevant credit card network operator and/or the relevant card issuer.

5.6       Legal Requirements
We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.

6          International Transfers of Personal Information
Like most international businesses, we have centralized certain aspects of our data processing activities in accordance with applicable laws, which, in many instances, will result in the transfer of your personal information from one country to another. Nevertheless, whenever your personal information is transferred within companies, your personal information will be processed in accordance with the terms and conditions of this Policy and applicable laws. 
Additionally, some of the third party suppliers to which we transfer your personal information may be based in different locations, some of which may have lower standards of data protection than in your home country. When we do transfer personal information to such third parties, we ensure appropriate safeguards are in place, and oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures. These third parties broadly fall into two groups: (i) locally-provided suppliers supporting individual Locations or groups of Locations, who may operate in any of the countries in which our hotel Locations operate; or (ii) centrally-procured service providers, supporting our as a whole, who may be located in our major business locations.

7          Information We Collect When You Visit Us Online
If you access our website, you may wish to know the following:

7.1       You Can Browse Without Revealing Who You Are
You can always visit our websites without logging in or otherwise revealing who you are.

7.2       Usage Information
When you visit our websites, we collect information about how you use those websites. Examples of such information include the Internet Protocol address automatically assigned to your computer each time you browse the Internet, the date and time of your visit, the pages you access and the amount of time you spend on each page, the type of Internet browser you use, your device’s operating system and the URL of any websites that you visited before and after visiting our website. That information is not linked to you as an individual unless you create a user profile, but we may keep records of the type of device being used.

7.3       Cookies and Other Similar Technology
We use cookie technology on our websites to allow us to evaluate and improve the functionality of our websites. Our cookies by themselves cannot be used to reveal your identity. They identify your browser or device, but not you, to our servers when you visit our websites. For information about how we use cookies click here 

If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser. However, if you block them, you will not be able to use all of the features of our websites, including the customization features associated with creating a user profile. Further information about cookies and other similar technology and how they work is available at allaboutcookies.org.

7.4       Social Media
Our websites may also contain plug-ins and other features that integrate third party social media platforms into our websites. You will be able to activate them manually. If you do so, the third parties who operate these platforms may be able to identify you, they may be able to determine how you use this website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your personal data. If you activate these plug-ins and other features, you will be doing so at your own risk.

You can view, update or remove any personal information that you have provided to us for inclusion in your user profile emailing policies@mmcmg.com . If you subsequently elect to remove your user profile, we reserve the right to use any personal information previously provided by you for inclusion in your user profile for record keeping and quality assurance purposes (unless we are required by law to delete or cease to process or use your personal information). Even if you choose not to create a user profile, you can still use our websites to search for and purchase services.

7.6       Links to Other Websites
If you visit our website and decide, for example, to purchase a gift certificate, make an airline reservation, rent a car, submit award request forms or apply for a job online, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

Data Processors 
We as data collectors may use  third-party data processors for analytics services to help understand the way our website visitors use our website. In particular, we may provide a limited amount of your information (such as your room search, email address and name, should you provide these) to collect data for analytics purposes when you visit our website to book stay with us. As a data processor acting on our behalf, to analyzes your use of our website and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. We may also use a Data Processer as a medium for communications through live chat or automated messages within our website. Additionally we may take payments through Data Processors.  Sometimes our Data Processors also use third-party services, for processing such payments. 

7.7       Security
Because the security of your personal information is important to us, we use Transport Layer Security (“TLS”) software in order to encrypt the personal information that you provide to us. When using TLS, your transmission of personal information to us online will be encrypted. You can verify whether your personal information is transmitted using TLS encryption by confirming the symbol of a closed lock or solid key inside your browser address bar. You can also verify that your personal information will be encrypted using TLSL encryption by making sure that the prefix for the web address listed for that page has changed from “http” to “https”. If you do not see the appropriate symbol and/or the “https” prefix, you should not assume that the personal information that you are being asked to provide will be encrypted prior to transmission.

The personal information we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the due protection of your rights.

7.8       Minor Children
Our websites do not sell products or services for purchase by children and we do not knowingly solicit or collect personal information from children. If you are under the age of 18 (or a minor in the jurisdiction in which you are accessing our websites), you may only use our websites with the involvement of a parent or guardian.

7.9       Targeted Advertising
Where permitted by law, we may work with other companies to share advertisements or marketing that we think you may find relevant and useful. This may include advertisements displayed on our own websites or apps or communications sent by us, or advertisements from us displayed on other companies' websites. The advertisements you see may be based on information collected by us or third parties and/or may be based on your activities on our websites or third-party websites.

8          Apps
When you download or register to use one of our apps, you may submit personal information to us such as your name, address, email address, phone number, date of birth, username, password and other registration information, financial and credit card information, personal description and/or image.

Further, when you use our apps, we may collect certain information automatically, including technical information related to your mobile device, your device’s unique identifier, your mobile network information, the type of mobile browser you use and information about the way you use the app.

Depending on the particular app you use and only after you have agreed to such collection, we may also collect information stored on your device, including contact information, friends lists, login information (where necessary to allow us to communicate with other apps at your request), photos, videos, location information or other digital content. Further details of the kinds of information we collect is set out in the privacy notice for each individual app.

9          Choice
You may always choose what personal information (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).

If you provide us with your contact details (e.g., postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. Additionally, where you have consented to us doing so, we may also share your personal information with carefully-selected third parties, who may communicate directly with you. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 12 below or following the “unsubscribe” instructions contained in the communications.

If you have an account with our frequent guest program we ask you to indicate your communication preferences at the time you apply for membership or when you create your user profile. We may also ask you to indicate how you would like to receive any offers, marketing and promotional information (e.g., via email or regular mail) and whether you would be willing to participate in surveys. Once you have indicated your preferences, you can always change them.

In some jurisdictions, in addition to you agreeing to this Policy, data privacy laws may require us to obtain a separate consent before we send you information that you have not specifically requested. In certain circumstances, your consent may be implied (e.g., where communications are required in order to fulfil your requests and/or where you have volunteered information for use by us). In other cases, we may seek your consent expressly in accordance with applicable laws (e.g., where the information collected is regarded to be Sensitive Personal Information under local regulations).

We will abide by any request from you not to send you direct marketing materials. When such a request is received, your contact details will be “suppressed” rather than deleted. This will ensure that your request is recorded and retained unless you provide a later consent that overrides it.

10        Updating or Accessing Your Personal Information
Under data protection law in Europe, you have various rights in relation to the personal information about you that we process.

With some limited exceptions, you have rights to access and update personal information held about you. If you want to inquire about any personal information we may have about you, you can do so by sending us a written request by letter or email to the addresses set out on our contact us page. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.

You may request that we correct, delete, and/or stop or restrict processing or using personal information that we hold about you by sending a letter or email to the addresses set out in contact us page. If we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s).

You may also seek to exercise your right to data portability by sending a letter or email to the addresses on our contact us page.

Finally, you may in some circumstances have the ability to object to the processing of your personal information on the grounds of your particular situation. You may do so by sending us a written request by letter or email to the addresses set out on our contact us page. If we agree that you are entitled to so object, we will cease to process your personal information.

If you are unhappy with the way we have handled your request, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@policies.mmcmg.com

11        Changes to this Policy
Just as our business changes constantly, this Policy may also change. Where the Policy changes, we will take appropriate steps to bring the amendment to your attention. To assist you, this Policy has an effective date set out at the end of this document.

12 Request for Access to Personal Information/Questions or Complaints
If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 10 above) to exercise your rights in relation to the personal information that we maintain about you, please contact us by any of the following means:

Contact us page on our website. 
If you are not satisfied with the response that you receive, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@policies.mmcmg.com

While this Policy alone does not create contractual rights, we have ensured compliance with some of its legal obligations in some countries in relation to personal information by creating a set of binding standards and policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those standards or policies through that regulator or a court. If you would like to know more about these standards and policies, please contact us at on our contact us page of our website or the Chief Privacy Officer at the email address above.

All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email, telephone or any other suitable method.

13 Intellectual Property
All: 
(a)names, logos, and marks appearing under any domains and any subdomains except as otherwise noted are trademarks owned or used under licence. 
(b) photographs, maps, designs or other images, are owned or used under license by
The use or misuse of these trademarks or any other content on this site, except as provided in these terms and conditions or in the site content, is strictly prohibited. We will take legal action against any person that seeks to use any trademark, photograph or other image owned by us, without our prior written approval. Nothing contained on the site shall be construed as granting, by implication, estoppel or otherwise, any license or right to use any trademark, photograph or other image without our prior written permission.
Disclaimer
While we use reasonable efforts to include accurate and up to date information on this site, we make no warranties or representations about the accuracy or completeness of the content of this site or of the content of any sites linked to this site.
We assume no liability or responsibility for any errors or omissions in the content of this site. We have not reviewed all of the sites that might be linked to our site, and we are not responsible for the content of any of those sites.
Limitation of Liability
We provide the contents of our site for informational and convenience purposes only. We shall not be liable for any direct, incidental, consequential, indirect, or punitive damages arising out of access to or use of or reliance upon any content of this site or the content of any site or sites linked to this site.

14 Laws and regulations in Indonesia

The Indonesian government ensures the application of sanctions for misuse of personal data by third parties without rights and guarantees the protection of personal data in the virtual world. The application of sanctions is compliance with legislation and regulations through Law No. 11 of 2008 concerning Information and Electronic Transactions as amended by Law No. 19 of 2016 and Minister of Communication and Information No. Regulation. 20 of 2016 concerning Protection of Personal Data in Electronic Systems (PM 20/2016).

The Ministry of Communication and Information has also coordinated with the Directorate of Criminal Cyber ​​Criminal Investigation of the Indonesian Police Headquarters to conduct investigations / investigations into alleged criminal acts in cases of misuse of personal data by third parties.

Minister of Communication and Information Regulation No. 20 of 2016 concerning the Protection of Personal Data in Electronic Systems (PM 20/2016), which has been in effect since December 2016, the protection of personal data includes protection against the acquisition, collection, processing, analysis, storage, appearance, announcement, transmission, distribution and destruction of data personal.

Contact us page on our website. 
If you are not satisfied with the response that you receive, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@policies.mmcmg.com

While this Policy alone does not create contractual rights, we have ensured compliance with some of its legal obligations in some countries in relation to personal information by creating a set of binding standards and policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those standards or policies through that regulator or a court. If you would like to know more about these standards and policies, please contact us at on our contact us page of our website or the Chief Privacy Officer at the email address above.

All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email, telephone or any other suitable method.

Effective Date: 24 May 2018