Privacy Policy
PRIVACY POLICY
Introduction
Shangri-La International Hotel Management Limited ("Shangri-La", "we", "us", "our") respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our website www.shangri-la.com or our mobile application(s) and other online products and services ("Site"), when you contact guest services, or when you otherwise interact with us. We are aware of our responsibilities to protect your personal data, to keep it secure and comply with applicable privacy and data protection laws. For the purposes of this Privacy Policy, “personal data” shall have the meaning as given to it by applicable privacy or data protection laws.
This Privacy Policy explains our personal data practices and the choices you can make about the way your personal data is used. This Privacy Policy gives effect to our commitment to protect your personal data and serves as the guidelines to be observed by all of the hotels, resorts and properties managed and/or operated by Shangri-La or its affiliates and subsidiaries.
You will be asked to consent to the terms of this Privacy Policy when making a reservation, joining the Shangri-La Circle programme, registering for events or promotions, or otherwise corresponding with us via the Site or otherwise where required under applicable law. Subject to the requirements of applicable law, your continued use of the Site will constitute your deemed consent or acknowledgement to the terms of this Privacy Policy.
Shangri-La International Hotel Management Limited, at 28/F, Kerry Centre, 683 King’s Road, Quarry Bay, the Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”) is responsible for using your personal data. Our data protection officer can be contacted via [email protected].
For Thailand, Shangri-La Hotel Public Company Limited, at 89 Soi Wat Suan Plu, New Road, Bang Rak, Bangkok 10500, Telephone: +66 (0) 2236 7777 is also the data controller who is responsible for collecting, using and/or disclosing your personal data. Our data protection officer can be contacted via [email protected]
For EU residents, Shangri-La Hotels (Paris) at 10 avenue d'Iéna, Paris 75116, France will act as our EU representative office. For UK residents, Shangri-La Hotels Pte Limited at Shangri-La Hotel, at the Shard, London, 31 St Thomas Street, London SE1 9 QU, United Kingdom will act as our UK representative office. Our European and UK data protection officer can be contacted via [email protected].
Types of Personal Data We Collect
Information you provide to us: we collect personal data you provide directly to us. The personal data collected by us include sensitive personal data under applicable data protection laws. Please note that these sensitive personal data are necessary for us to provide the relevant services to you, and our processing of such sensitive personal data is unlikely to impact your rights and interests. This includes:
- your full name, gender, date of birth, contact information (e.g. country of residence, physical address, email address and phone number) ,identification information, and passport and visa information;
- guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, your service preferences, telephone numbers dialled and email, faxes, telephone and other messages received;
- your credit card, mobile payment and other payment details;
- your membership information, account details, profile or password details and any frequent flyer or travel partner programme affiliation;
- any information necessary to fulfill special requests (for example, leisure, travel and guest preferences);
- your reviews, feedback, opinions and interactions you have with us about our hotels, resorts, Shangri-La Circle programmes and services;
- information collected through the use of closed circuit television (“CCTV”) systems and other security systems; and
- any other personal data you choose to provide to us (e.g. health data, social media information).
Information We Collect Automatically When You Use the Site: when you access or use the Site, we automatically collect personal data about you, including:
- Log Information: we may collect system log information about your use of the Site, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Site as well as your membership enrolment time and membership login time..
- Device Information: we may collect information about the computer or mobile device you use to access our Site, including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device's wireless network interface, or mobile phone number used by the device) and mobile network information.
- Location Information: we may collect information about the location of your device each time you access or use one of our mobile applications or otherwise consent to the collection of this information. You can turn off location services for a device at any time, but this may turn off some useful features.
- Push related(Android): In order to ensure that the application can normally receive broadcast information pushed by the client when the application is closed or running in the background, the application must use the (self-start) capability. There will be a certain frequency of sending broadcast through the system to wake up the self-start or associated startup behavior of the application, which is necessary for the realization of functions and services; When you open content push messages, relevant content will be opened after obtaining your explicit consent. There is no associated startup without your consent.
- Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Site and your experience, see which areas and features of our Site are popular and count visits. Web beacons are electronic images that may be used in our services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see our Cookies Policy.
Information We Collect From Other Sources: we may also obtain personal data from our hotels and from our third party service providers (such as information relating to the credit of guests) or via third party SDK platforms as set out in Appendix to this Privacy Policy and from public sources and combine that with information we collect through our Site where we believe that it is necessary to help manage our relationship with you.
Where you provide personal data of third parties (for example, names, gender, date of birth, relationship, and contact details of your family members in connection with bookings or family memberships), you confirm that you have their consent or rely on applicable legal basis to provide their personal data to us. We recommend you show them this Privacy Policy.
How We Collect, Use and Disclose Your Personal Data
Subject to the requirements of applicable law, we may collect, use and disclose your personal data for the purposes set out below. For the performance of our agreement with you, in order to:
- process, confirm, provide and charge for hotel arrangements, restaurant and spa reservations and our goods and services, and administer mobile (where applicable) and in person check in and check out;
- fulfill contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers and your employer) and vendors (e.g. credit card companies, airline operators and other loyalty programmes);
- provide you with access to the content on our Site, and respond to your enquiries and requests for information and services; and
- administer, and disclose the winner of, contests and lucky draw competitions conducted by us or on our behalf.
For our legitimate commercial interests, in order to:
- understand how our products and services impact you, provide you with a better, more personalised level of service, and further develop our products and services, including linking or combining with information we get from others to do so;
- provide privileges, benefits and services to you, process applications for and administer membership programmes, verify and validate your ability to access and use certain products, services, facilities and information (such as Shangri-La Circle member-only information), and administer Shangri-La Circle membership, including as regards points and rewards redemption, points donation, and facilitation of family membership benefits;
- monitor your use of our Site and your bookings, and conduct analysis of the use of our Site in order to operate, evaluate, protect and improve our Site and our services, understand your preferences, display customised content to you on our Site which may be of interest to you and troubleshoot any problems;
- conduct market analysis, market research, customer satisfaction and quality assurance surveys to improve our hotels, resorts, membership programme and services; and
- manage and provide for the safety and security of guests, premises and services (including but not limited to handling any incidents, accidents or claims made by guests or customers, conducting investigations and/or audits, carrying out CCTV surveillance and conducting security clearances, handling lost and found).
For compliance with legal obligations to which we are subject, in order to:
- meet legal and regulatory requirements and administer general record keeping;
- prevent, detect and investigate crime and analyse and manage commercial risks (such as fraud); and
- conduct investigations.
Use of information based on your consent:
- to facilitate direct marketing, promotional and customer management purposes, including sending you promotional communications (including without limitation emails, SMS / MMS and push notifications) or special offers if you have consented to receive the same. Please see section “Direct Marketing” below;
- to use special categories of data (e.g. health data, biometric data, disability data, sensitive data from official identification documents if any, sexual behavior, religion, race, cult, and philosophical belief) only if we have received your explicit consent thereto for such activities separately; and
- for any other purposes for which we have obtained your consent, in accordance with the requirements of applicable law.
In addition, we collect, use, and disclose your personal data for the following purposes depending on the nature of our relationship:
- If you are a guest at our hotel(s), or a guest to events organised at our hotel(s):
- providing customer service and support;
- creating and maintaining guest profiles in our system database;
- administering debt recovery and debt management; and/or
- any other purposes relating to any of the above;
- If you are a customer or guest at our spa, health club, restaurants or bars;
- indemnifying our hotel(s) from liability related to your use of the spa or health club or consumption of restaurant or bar food and drinks outside the restaurant or bar;
- preventing or suppressing a danger to your life, body or health, where you are incapable of giving consent by whatever reason; and/or
- any other purposes relating to any of the above.
- If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by Shangri-La:
- managing project tenders and quotations, processing orders or managing the supply of goods and services;
- processing payment of vendor invoices and bills;
- maintaining internal communications; and/or
- any other purposes relating to any of the above.
- between and among Shangri-La and a limited number of our affiliates as are relevant for the above purposes and to facilitate the operation of our business, but we shall only do so on a need to know basis;
- with the operator of the hotel or the hub of hotels which you book, stay or visit for the above purposes;
- with third-party payment processors, payment service providers, external banks, credit card companies, IT and marketing support service providers, insurance companies and other consultants, vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us provide the Site to you or who help us detect, prevent, investigate or otherwise manage crime or commercial risks (such as fraud);
- vendors or third party service providers in connection with marketing promotions and services offered by Shangri-La (please also see the section below on “Direct Marketing”);
- with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers, your employer, our partners, foreign embassies) in order to fulfill contractual obligations;
- with any law enforcement, courts, Government or regulatory bodies (in whatever jurisdiction), or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
- if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Shangri-La, our affiliates or others;
- any business partner, investor, assignee, or transferee (actual or prospective) in connection with, or during negotiations of, or to facilitate any business asset transactions (which may extend to any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company, or any change of management of a hotel);
- with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
- with any other party at your consent or at your direction or whom you authorize us to disclose your personal data toto (for example, when you link your KrisFlyer membership with your Shangri-La Circle account, we will share your name and date of birth with Singapore Airlines. For details about Singapore Airlines’ contact information and how it processes your personal data, please refer to their privacy policy available at https://www.singaporeair.com/en_UK/privacy-policy/); and
- otherwise as permitted or required by applicable laws and regulations.
- Basic personal information: full name, date of birth, nationality, address, personal phone number, email address, gender, residential country, company name and position, company contact details (e.g. physical address, phone number, email address), salutation, rate /market / source code, revenue info;
- Personal identity information: passport/ID number;
- Online identity information: IP address, Shangri-La Circle loyalty membership number and tier;
- Information of often used equipment: hardware serial number, equipment MAC address, unique equipment identifier;
- Personal property information: virtual property information including Shangri-La Group member points balance and transaction history, transaction (Stay & Spending) & consumption record, credit card or other payment card information;
- Basic personal information: name, phone number, email, address, photo, language, salutation, gender, nationality, residential country, date of birth, company, position, rate /market / source code, revenue info, purpose of visit;
- Personal identity information: passport/ID number;
- Online identity information: Shangri-La Circle loyalty membership number and tier, hotel guest unique profile ID;
- Physiological and health information: food allergy, any other health related information as provided by guests;
- Personal property information: credit card information
- Other information: accommodation information, reservations confirmation number, wellness transaction records, feedback.
- To manage your loyalty membership
- To manage the business traveler programme that your organization participated in
- Basic personal information: full name, date of birth, gender, nationality, address, phone number, email address, company, position, title, family relation, language preference, office mailing address;
- Online identity information: membership information;
- Personal identity information: passport or ID card;
- Personal property information: transaction details (e.g. restaurant dine in, spa etc.), credit card information;
- Other information: reservation information, stay records, transaction details (e.g. restaurant dine in, spa etc), room preference.
- To manage your loyalty membership
- To manage the business traveler programme that your organization participated in
- Basic personal information: name, email, phone number, order information (including order date, order number and order source), mailing address;
- Personal identity information: ID card numbers if you use value card.
- what a cookie is (paragraph 2);
- an overview of the cookies we use (paragraph 3);
- what you can do if you do not agree to the use of the cookies (paragraph 4); and
- further information about cookies in general (paragraph 5).
- Google Analytics stored by Google for 1 day to 2 years, depending on the cookies – We use Google Analytics to help analyse which pages on our website visitors viewed. When you visit our website, your web browser automatically sends certain information to Google. For further information on how Google uses your data, please refer to https://www.google.com/intl/en/policies/privacy/partners/. To opt-out, please click: here.
- Adobe Analytics stored by Adobe for zero (session cookie) to 2 years, depending on the cookies - We use Adobe Analytics to help analyse visitors’ activities on our website, such as analysing clickstream data and tracking historical activities. For further information on how Adobe Analytics cookies work, please see https://marketing.adobe.com/resources/help/en_US/whitepapers/cookies/cookies_analytics.html To opt-out, please see: https://www.adobe.com/hk_en/privacy/opt-out.html
- Adobe Audience Manager stored by Adobe for 6 months to 2 years, depending on the cookies - We use Adobe Audience Manager for visitors’ website activity analysis and personalised user marketing, such as identifying visitors, creating user segments, recording data calls, synchronizing data, error tracking and testing. For further information on how Adobe Audience Manager cookies work, please see https://marketing.adobe.com/resources/help/en_US/whitepapers/cookies/cookies_am.html To opt-out, please see: https://www.adobe.com/hk_en/privacy/opt-out.html
- Flurry Analytics stored by Yahoo with no expiry date - We use Flurry Analytics to help us collect unexpected crash logs of our mobile application users (excluding those in the People’s Republic of China except for Hong Kong, Taiwan and Macao) to improve stability and performance of our mobile application and to track how users use our mobile application. For more information on how Flurry Analytics uses your data, please refer to https://policies.yahoo.com/us/en/yahoo/privacy/index.htm
- Umeng Analytics stored by Umeng with no expiry date - We use Umeng Analytics to help us collect unexpected crash logs of our mobile application users in the People’s Republic of China except for Hong Kong, Taiwan and Macao to improve stability and performance of our mobile application and to track how users use our mobile application. For more information on how Umeng Analytics uses your data, please refer to http://www.umeng.com/policy.html To opt-out, please see https://dip.umeng.com/opt_out.html
- pardot.com stored by Pardot for 1 day to 2 years – We use Pardot to track visitors’ activities on our website by remembering preferences (such as how the visitors use our website and which pages are viewed most often) when the visitors return to our website. For further information on how Pardot uses your data, please refer to Pardot’s Privacy Policy. To opt-out, see section 4 of Pardot’s Privacy Policy and/or click the Cookie Preferences link in the footer of the Pardot’s Privacy Policy .
- Branch stored by Branch for 7 days to 2 years, depending on the cookies – We use Branch to help analyse by what sources our visitors arrive our mobile application and website. When you visit our website or use our mobile application, your browser automatically sends certain information to Branch. For further information on how Branch uses your data, please refer to https://branch.io/policies/#privacy. To opt-out, please refer to: https://app.link/optout.
- Akamai CDN stored by Akamai for 1 day - We use Akamai Content Delivery Network (CDN) for page caching to enhance our website performance and security. For further information on how Akamai CDN uses your data, please refer to https://www.akamai.com/us/en/privacy-policies/
- ASP.NET_SessionId stored by Microsoft - Our website is .net based and we use ASP.NET to identify user sessions on our website. The data is not stored because this is a session cookie. For more information on how ASP.NET cookies work, please see https://msdn.microsoft.com/en-us/library/ms178194.aspx
- .ASPXFORMSAUTH stored by Microsoft - We use .ASPXFORMSAUTH for authentication on our website’s logon page to identify users. The data is not stored because this is a session cookie. For more information about how the authentication cookies work, please see https://support.microsoft.com/en-us/help/910443/understanding-the-forms-authentication-ticket-and-cookie
- DoubleClick stored by Google for 2 years - Google (doubleclick.net) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how DoubleClick uses your data, please refer to https://www.google.com/intl/en/policies/privacy/
- fr stored by Facebook for 3 months - Facebook (facebook.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how Facebook uses your data, please refer to https://en-gb.facebook.com/policies/cookies/
- CMBMP, PYID and sessionId stored by IPINYOU for zero (session cookie) to 2 years, depending on the cookies - IPINYOU (ipinyou.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how IPINYOU uses your data, please refer to http://www.ipinyou.com.cn/privacy
- _kuid_ stored by Salesforce for 6 months - Salesforce (krxd.net) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how Salesforce uses your data, please refer to https://www.salesforce.com/company/privacy/full_privacy/
- cm_cookie and reduplicate_cookie stored by WeChat for 1 day to 6 months, depending on the cookies - WeChat (l.qq.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how WeChat uses your data, please refer to http://weixin.qq.com/cgi-bin/readtemplate?lang=en_US&check=false&t=weixin_agreement_cookies
- cid and gid stored by Sojern for 2 years - Sojern (sojern.com) sets cookies to display personalised user marketing on other websites and track transactions made by you on www.shangri-la.com. For more information on how Sojern uses your data, please refer to https://www.sojern.com/privacy/website-privacy-policy/
- adsrvr.org: stored by The Trade Desk for 18 months – The Trade Desk sets cookies to display personalized user marketing on other websites and measures the marketing performance. For more information on how The Trade Desk uses your data, please refer to: https://www.thetradedesk.com/general/privacy. To opt-out from the cookies, please refer to: https://www.adsrvr.org/.
-
thn_id stored by The Hotels Network, S.L. for 365 days – The Hotels Network, S.L. sets this cookie to identify users with a unique ID in their next visit to www.shangri-la.com so that their visit could be personalized for better user experience. For more information on how The Hotels Network, S.L. uses your data, please refer to https://thehotelsnetwork.com/en/cookies-policy.
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
- GoogleChrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
- Safari: http://support.apple.com/kb/PH5042
- Opera: http://www.opera.com/help/tutorials/security/privacy/
- Adobe (flash cookies): https://www.adobe.com/support/flash/downloads.html
In order to register with our mobile application(s), make an online hotel reservation, enrol with the Shangri-La Circle programmes or if you make an enquiry, you must provide us with the personal data marked with an asterisk or otherwise indicated as mandatory, otherwise we may not be able to process your request or comply with our legal obligations.
In addition to the above, except in limited instances where your consent is required, we may also collect, use, and disclose your personal data on the legal basis of (i) vital interest for the prevention or suppression of danger to a person's life, body, or health; (ii) public interest for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (iii) the necessity for an establishment and defenses of legal claims.
Disclosures of Your Personal Data
Subject to the provisions of any applicable law, we may share your personal data to the following entities and parties, for the purposes listed above (where applicable):
We may also disclose, aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.
Overseas Transfers of Your Personal Data
Your personal data will be transferred to, and stored at, locations in Hong Kong and Singapore and in the location of the hotel in which you make reservations, stay or visit. It will also be accessed and processed by our personnel and the personnel of our partners, affiliates and third party service providers, who operate outside of Hong Kong, Singapore and the location of the hotel in which you make reservations, stay or visit. Your personal data will only be transferred to locations outside of Hong Kong, Singapore and the location of the hotel in which you make reservations, stay or visit where we are satisfied that adequate or comparable levels of protection are in place to protect personal data held in that jurisdiction or that appropriate safeguards are put in place (including standard data protection clauses for transfer from the EU to outside the EU and for access or transfers outside of the People’s Republic of China (excluding Hong Kong SAR, Macau SAR, and Taiwan, as referred to as “PRC” hereinafter), or other derogations as allowed by laws and (where we are required to do so) with your consent.
Where you are located within the PRC, we will transfer your personal data to Shangri-La International Hotel Management Ltd. in Hong Kong (whose contact information and channel for exercising data subjects’ rights are [email protected]) in below scenarios. We provide in the table below of the transfer purpose, types of personal data transferred, the processing purpose and processing method of the foreign recipient:
Business scenario | Purpose of transfer | Types of personal data transferred | Processing purpose of the foreign recipient | Processing method of the foreign recipient |
---|---|---|---|---|
Pre-arrival: Guest room reservation before arriving at the hotel | To handle your room reservation on a centralized basis |
|
To handle your room reservation on a centralized basis | Collection, use, storage, transmission and entrusted processing |
Post Stay: loyalty program management |
|
|
|
Collection, use, and storage. |
Product Sale on WeChat | To handle your purchase order on the WeChat store |
|
To handle your purchase order on the WeChat store | Collection, use, storage, transmission and entrusted processing |
Event management | To provide you with venue, room, catering and other services related to conference or wedding activities | Basic personal information: name, email, phone. | To provide you with venue, room, catering and other services related to conference or wedding activities | Collection, use, storage, and entrusted processing |
Supplier registration, tender management and purchase order fulfillment | To provide access to supplier contact information and supplier sourcing, including tender details, respond to proposal requests, review purchase orders and goods received, submit invoices and all other related activities to streamline the procurement operations | Basic personal information: Supplier contact person name, email, phone and job title. | To provide access to supplier contact information and supplier sourcing, including tender details, respond to proposal requests, review purchase orders and goods received, submit invoices and all other related activities to streamline the procurement operations | Collection, use, storage, and entrusted processing |
Direct Marketing
From time to time, we would like to use your name, email address, mobile phone number, and other relevant contact information to send you either via emails, SMS / MMS messages, telephone calls, push notifications, post, or social media (e.g. WeChat and Facebook) information that we think may be of interest to you, including about our hotels, products and services, news about our membership programme (if you become a member of Shangri-La Circle), satisfaction surveys, events, offers and promotions, but we can only do so with your consent.
We would also like to share (for gain) such data with the operator of the hotel or hub of hotels in which you stay or visit and with selected third party entities, so that they may send you information, news updates, special events, offers and promotions as regards their products and services, including travel, transportation, retail, food and beverage, hotel accommodation, credit cards, financial and investment services, real estate, entertainment, publications, fashion and jewellery, leisure and sports, health and wellness, non-profit and charitable activities, telecommunications, social networking, media and public relations, but we will not share your personal data with such third parties or use your personal data for direct marketing without your consent.
You may, in accordance with applicable law, choose not to receive marketing communications or opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in the marketing communications or contacting Shangri-La in accordance with the section “Your Rights and Contact Us” below. If you opt out of these communications, we may still send you non-promotional communications, such as those about your reservation or Shangri-La Circle programme members communications, unless we are prohibited from doing so by applicable laws.
Retention of Personal Data
In certain countries, the collection and retention of personal data is mandated by law. To the extent required or permitted by law, we take reasonable steps to delete, destroy, de-identify or redact personal data in a secure manner when retention is no longer necessary for legal or business purposes for which it was collected (as set out in this Privacy Policy) or when requested by you. In any event, we do not retain your personal data for longer than six (6) years, subject to local laws and regulations.
Our Commitment to Data Security
We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
We recommend that where applicable, you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser. If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.
Children,Minors, Quasi-Incompetent Persons, and Incompetent Persons
Except where required by local laws, we do not knowingly collect personal data from minors, quasi-incompetent persons, and incompetent persons. If you are a minor, quasi-incompetent persons, and incompetent persons, you may only use our Site and services with the permission of your parent, or guardian, or curator.
If you are in the EU, our online services are not directed at children under the age of 13. If you believe we have collected information about a child under the age of 13, please contact us so that we may take appropriate steps to delete such information. If you are at least 13 but under the age of 16, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
If you are in the PRC, our online services are not directed at children under the age of 14. If you are under the age of 14, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
If you are in Thailand, our online services are not directed at children under the age of 20. If you believe we have collected information about a child under the age of 20, please contact us so that we may take appropriate steps to delete such information. If you are under the age of 20 and other legal exceptions cannot be relied on, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
Third Party Sites
The Site may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these sites.
Your Rights and Contact Us
Subject to applicable law, you may be entitled to access, make/ raise objection to processing, rectify, erase (including deletion of your membership account), limit the use or transfer the personal data we hold of you, exercise the right to data portability, or lodge a complaint to a competent authority. Whenever reasonably possible and required, we will strive to grant these rights within one (1) month or within a reasonable time or as required by applicable local data protection law (e.g. within 15 working days in the PRC). You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data if based on your consent, at any time. You may also be entitled to appeal and object to important decisions which were made based solely on automated decision-making. You may in certain circumstances ask us to cancel your membership account or delete your personal data, in which case, to the extent permissible by applicable law, we will take reasonable steps to delete or de-identify your personal data. Please note that we may not be able to continue providing services to you if you entirely withdraw your consent or ask us to delete your personal data entirely, and this may also result in the termination of any agreements with Shangri-La.
If you would like us to update the data we maintain about you and your preferences, or if you wish to withdraw your consent to receiving direct marketing communications from us, please contact us by email at [email protected].
For any other requests (including deletion of your membership account), or if you have any questions or complaints about how we handle your personal data, please contact our data protection officer by email at [email protected] or by post at 28/F Kerry Centre, 683 King’s Road, Quarry Bay, Hong Kong, or other contact details as set out in the “Introduction” section above.
Changes to the Privacy Policy
We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be posted to the Site so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access the Site or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. Updated versions of this Privacy Policy will include the date of the revision at the end of this Privacy Policy so that you are able to check when the Privacy Policy was last amended. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Site. Use of the Site following such changes constitutes your acceptance of the revised Privacy Policy then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied (and, where required under applicable law, we will obtain your consent to material changes to the Privacy Policy).
Miscellaneous
This Privacy Policy is governed by and shall be construed in accordance with the laws of Hong Kong.
This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.
Last Updated: 4 October 2024
Appendix:
Third party SDK platforms: Baidu SDK
Personal information type: Device information includes device ID (Android ID, IDFA, IDFV), system information (operating system version, device brand, model, device configuration), application information. Location information includes: latitude and longitude, GNSS information, WiFi address and signal strength information, WiFi status, WiFi parameters, WiFi list, base station ID data information, operator information, device signal strength information, IP address, Bluetooth information and sensor information; Network information includes: mobile network, WiFi network information.
Purpose: Display map information
Compliance Specification Link: https://lbsyun.baidu.com/index.php?title=openprivacy
Third party SDK platforms: Jiguang SDK
Personal information type: Device information (device type, device model, system version, and related hardware information), device identifier (IMEI, IDFA, Android ID, GID, MAC, OAID, VAID, AAID, IMSI, MEID, UAID, SN, ICCID, SIM information), location information (latitude and longitude information), network information (IP address, WiFi information, base station information, DNS address, DHCP address, SSID, BSSID).
Purpose: Send APP push notification and inbox messages to users
Compliance Specification Link: https://www.jiguang.cn/license/privacy
Third party SDK platforms: Amap SDK
Personal information type: Location information (latitude and longitude, exact location, rough location); Device information (IP address, GNSS information, WiFi status, WiFi parameters, WiFi list, SSID, BSSID, base station information, signal strength information, Bluetooth information, sensor information, device signal strength information, external storage directory); Device identifier (IMEI, IDFA, IDFV, Android ID, MEID, MAC Address, OAID, IMSI, ICCID, and Hardware Serial number), current application information (application name and application version), device parameters and system information (system attributes, device model, operating system, and operator information)
Purpose: Display hotel map information and navigation details
Compliance Specification Link: https://lbs.amap.com/pages/privacy/
Third party SDK platforms: Umeng+ SDK
Personal information type: Device Information (IMEI/Mac/ Android ID/IDFA/OPENUDID/GUID, SIM card IMSI information)
Purpose: Conduct statistical analysis
Compliance Specification Link: https://www.umeng.com/page/policy
Third party SDK platforms: WeChat Login SDK
Personal information type: Device model, operating system, Android ID/OAID, login IP address, WeChat software version, network access mode, type and status, network quality data, device sensor information, running process information, installed application information.
Purpose: Provide WeChat login function
Compliance Specification Link: https://weixin.qq.com/cgi-bin/readtemplate?lang=zh_CN&t=weixin_agreement&s=privacy
Third party SDK platforms: WeChat Payment SDK
Personal information type: Device information
Purpose: Provide WeChat payment function
Compliance Specification Link: https://www.tenpay.com/v3/helpcenter/low/privacy.shtml
Third party SDK platforms: WeChat Sharing and collecting SDK
Personal information type: Device model, operating system, Android ID/OAID, login IP address, WeChat software version, network access mode, type and status, network quality data, device sensor information, running process information, installed application information.
Purpose: Provide content sharing and collection function
Compliance Specification Link: https://weixin.qq.com/cgi-bin/readtemplate?lang=zh_CN&t=weixin_agreement&s=privacy
Third party SDK platforms: Alipay Payment SDK
Personal information type: Device brand, device model, device name, IP address, MAC address, device software version, device identification information (such as IMEI, IDFA, OAID, and IMSI), location, network usage habits, installed application information, installed software information, and other log information related to Alipay service.
Purpose: Provide Alipay payment function
Compliance Specification Link: https://render.alipay.com/p/c/k2cx0tg8
Third party SDK platforms: Geetest SDK
Personal information type: Device information (device system information, device manufacturer information, device model, device brand, etc.), device network information (device networking status and networking type, etc), device environment information (device screen size, device battery charging status, device power, device jailbreak identifier, device debugging identifier, user biometric information, other information (verification time stamp, installation package name, etc
Purpose: Provide verification function
Compliance Specification Link: https://www.geetest.com/en/Privacy
Third party SDK platforms: Xgate SDK
Personal information type: Device information
Purpose: Provide SMS identification function
Compliance Specification Link: https://www.xgate.com/zh-hans/%E9%9A%90%E7%A7%81%E6%94%BF%E7%AD%96/
Third party SDK platforms: Openinstall SDK
Personal information type: Device information(SDK version, application version, application package name, IP address (used for positioning geographical location), device model, terminal manufacturer, system version of operating terminal device, Android ID, Serial Number, clipboard information, running process information
Purpose: Record user installation channels and synchronize data
Compliance Specification Link: https://www.openinstall.io/privacy.html
Third party SDK platforms: Adobe SDK
Personal information type: Device information and device network information
Purpose: Provide personalized marketing for users, logging user data requests, synchronizing data, tracking errors and testing
Compliance Specification Link: https://www.adobe.com/privacy/policy.html
Third party SDK platforms: Facebook SDK
Personal information type: Device information
Purpose: Provide content sharing function
Compliance Specification Link: https://www.facebook.com/privacy/explanation/
Third party SDK platforms: Firebase SDK
Personal information type: Device information, device identification number, system logs
Purpose: Data tracking and analysis
Compliance Specification Link: https://firebase.google.com/support/privacy
Third party SDK platforms: Bugly
Personal information type: Device information(mobile phone model, mobile phone brand, system version, CPU architecture type, device disk information, device unique identifier, etc.), device network information, running process information, system logs
Purpose: Tracking errors and testing
Compliance Specification Link: https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56
Third party SDK platforms: Sentry
Personal information type: Device information, system logs, network logs, device sensor information
Purpose: Tracking errors and testing
Compliance Specification Link: https://sentry.io/privacy/
Third party SDK platforms: vingcard (Bluetooth room key)
Personal information type: Device information
Purpose: Mobile room key
Compliance Specification Link: https://www.assaabloy.com/hk/en/privacy-center
Third party SDK platforms: Saflok(Bluetooth room key)
Personal information type: Device information
Purpose: Mobile room key
Compliance Specification Link: https://www.dormakaba.com/us-en/privacy-policy
Third party SDK platforms: BotManagerPremier SDK
Personal information type: Device information, network logs, device sensor information
Purpose: Network request data security monitoring
Compliance Specification Link: https://www.akamai.com/zh/legal/privacy-and-policies
Third party SDK platforms: wecast
Personal information type: Device information
Purpose: Mobile phone screen casting function
Compliance Specification Link: https://privacy.qq.com/policy/tencent-privacypolicy
Third party SDK platforms: Google sign in SDK
Personal information type: Gmail address
Purpose: Sign in or enrolment by gmail
Compliance Specification Link: https://policies.google.com/privacy
Third party SDK platforms: MSA Mobile Security Alliance SDK
Personal information type: Device information, device network information, software application information
Purpose: Provide read to open anonymous device identifier (OAID), developer anonymous device identifier (VAID) and application anonymous device identifier (AAID). The SDK of the MSA Mobile Security Alliance integrates SDKS of Asus, Huawei, Netease, and Samsung.
Compliance Specification Link: http://www.msa-alliance.cn/col.jsp?id=122
Third party platforms: Sojern
Personal information type: IP, Device and Browser Information
Purpose: Create customized marketing strategies for individual users. Enhance campaigns to improve their targeting efficiency. Identify the sources of bookings attributed to specific marketing campaigns
Compliance Specification Link: https://www.sojern.com/privacy/privacy-policy
Third party SDK platforms: Volcengine Growth Marketing Kit SDK
Personal information type: Device brand, device model, device name, IP address, MAC address, device software version info, device identification (such as IMEI, IDFA, IDFV, OAID, MEID, ICCID, etc), Operator info, OS info
Purpose: Log user data requests, sync data, track bugs and test
Compliance Specification Link: https://www.volcengine.com/docs/6287/72380
Third party SDK platforms: TrustDecision SDK
Personal information type: Device Information, such as(IMEI/IDFA), AndroidID, OAID, MEID, IMSI, MAC address, SIM card serial number, device type, device model, system type, geographic location, login IP address, application list, running process, sensor information (light sensor, gravity sensor, magnetic field sensor, acceleration sensor, gyroscope sensor) and other related device information.
Purpose: Fraud risk detection and business security and risk control
Compliance Specification Link: https://www.trustdecision.com/legal/privacy-policy
COOKIES POLICY
This policy ("Cookies Policy") is issued by Shangri-La International Hotel Management Limited (referred to as "we", "us", "our"). This Cookies Policy applies to our use of cookies in connection with our website www.shangri-la.com and our mobile application(s) (collectively "Site").
By continuing to use our Site, you are agreeing to our use of cookies in the manner set out in this Cookies Policy.
If you do not wish to accept cookies in respect of your use of this Site, you should stop using the Site, or turn off your cookies (see paragraph 4), but this may affect the functionality of the Site.
1. WHAT THIS COOKIES POLICY COVERS
This Cookies Policy sets out:
2. WHAT IS A COOKIE?
After you enter the Site, the Site will make use of "cookies". Cookies are small text files containing small amounts of information which are downloaded and may be stored on any of your internet enabled devices e.g. your computer, smartphone or tablet - like a memory for a web page. This Cookies Policy provides you with information about the cookies we use and why. Our Privacy Policy sets out full details of the other information we may collect and how we may use your personal data. If you do not wish to accept cookies in connection with your use of this Site, you should stop using it or turn off your cookies (see paragraph 4 below for how to do this) but this may affect the functionality of the Site.
3. COOKIES USED ON THE SITE
We use several different types of cookies. In particular, we use the following first party cookies: necessary cookies which allow certain fundamental features of the Site to work; functional cookies, which allow us to remember choices you make (e.g. your cookie preference), performance cookies, which monitor usage of the Site and advertising cookies which record the fact that you have visited the Site and then which links you have accessed whilst you use the Site.
We also use third party cookies - these are cookies that are set by a third party website or applications rather than by us. In particular, the Site allows cookies of third party social networks (e.g. Facebook and LinkedIn), and this enables a user to share content of the Site on social networks. These third parties may use cookies, but their use of cookies will not be governed by this Cookies Policy.
Some of these are session cookies which are temporary and allow us to link your actions during a browser session. These are deleted at the end of your browsing session. Others are persistent cookies which remain on your device for the period of time specified in the cookie. These cookies help us identify you as a unique user (by storing a randomly generated number).
The Site uses first party cookies for the following purposes:
a) necessary cookies
Necessary cookies are essential and help you navigate the Site. These cookies make sure your basket is saved during all steps of the checkout process. This helps to support security and basic functionality of the Site. These cookies are necessary for the proper operation of our Site, so if you block these cookies we cannot guarantee your use or the security of our Site during your visit.
b) functional cookies
Functional cookies are used to provide you the best user experience. These cookies are for instances used to save and remind you about reservations you have started to make, so will save you time if you want to complete your reservation at a later stage. These cookies could also recognise if a Site user has already signed up for our newsletter/requested information about a service or if the user is seeing a certain page for the first time.
c) performance cookies
Performance cookies help us to understand the behaviour of our visitors and the usage of the Site. This allows us to continuously improve the Site to provide you the best user experience. These cookies are also used to help us understand what interests our users, and measure how effective our advertising is. Some of these cookies are managed by third parties, and you may refer to the third parties' own website privacy notifications for further information.
By way of example, we use Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes, and to help improve the overall experience on our Site. Google Analytics is a third-party web analysis service provided by Google Inc, which uses "performance cookies" and "targeting cookies" to analyse how you use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, this website uses Google Analytics with the expansion '_anonymizeIp()' which means that Google will truncate/anonymise the last octet of the IP address for Member States of the European Union.
On behalf of us, Google will use the information collected for the purpose of evaluating your use of our Site, compiling reports on Site activity and providing other services relating to Site activity and internet usage to us. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser as described below. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB#. You may disable the use of Google Analytics by using the link disable Google Analytics. This link creates an opt-out cookie which prevents the further processing of your data. For more information about Google Analytics cookies, please see Google's help pages and privacy policy.
We also use Adobe Experience Cloud cookies, namely Adobe Analytics and Adobe Audience Manager, to analyze visitors’ activities on our website. You may disable the use of Adobe Experience Cloud cookies to stop further processing your data by following the instructions set out in this link: https://www.adobe.com/hk_en/privacy/opt-out.html. For more information about Adobe Experience Cloud cookies, please see the Adobe privacy policy.
If you do not accept the use of these cookies, we cannot guarantee how our Site will perform for you.
d) advertising cookies
Advertising cookies will remember your preferences and, in general, that you visited the Site. We strive to provide you with advertisements for hotels, resorts, and other products and services relevant to you and your interests on other online platforms, where available. These cookies are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of advertisements.
More specifically, we may use the following cookies on our Site:
Performance Cookies
Necessary Cookies
Advertising Cookies
Functional Cookies
4. CONTROL YOUR COOKIE SETTINGS
We shall store a cookie on your computer or device to remember this for next time. You can change your browser settings so that you receive a warning before certain cookies are stored. You can also adjust your settings so that your browser refuses most of our cookies or only certain cookies from third parties. If you wish to withdraw your agreement at any time, you will need to delete our cookies using your internet browser settings. You should do this through the browser settings for each browser you use. Please be aware that some of our services will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser. The following links may assist you in managing your cookies settings, or you can use the 'Help' option in your internet browser for more details.
To block Google Analytics cookies specifically, you can install the “Google Analytics Opt-out Browser Add-on” provided by Google. If you share the use of a computer, accepting or rejecting the use of cookies may affect all users of that computer.
The above instructions on browser settings are relevant when you use or access our website www.shangri-la.com.
5. OTHER INFORMATION
The following link contains further information about cookies:
In addition, a guide to online privacy has been produced by the internet advertising industry which can be found at:
We may change this Cookies Policy from time to time by posting the updated version of the policy on our Site. Please check this Site periodically to be informed of any changes.
6. CONTACT US
If you have any questions about the cookies used on our website, please contact us at [email protected].
Last Updated: 3 May 2023