Shangri-La International Hotel Management Limited, at 28/F, Kerry Centre, 683 King’s Road, Quarry Bay, the Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”) is responsible for using your personal data. Our data protection officer can be contacted via firstname.lastname@example.org.
For Thailand, Shangri-La Hotel Public Company Limited, at 89 Soi Wat Suan Plu, New Road, Bang Rak, Bangkok 10500, Telephone: +66 (0) 2236 7777 is also the data controller who is responsible for collecting, using and/or disclosing your personal data. Our data protection officer can be contacted via email@example.com.
For EU residents, Shangri-La Hotels (Paris), at 10 avenue d'Iéna, Paris 75116, France will act as our EU representative office. For UK residents, Shangri-La Hotels Pte Limited at Shangri-La Hotel, at the Shard, London, 31 St Thomas Street, London SE1 9 QU, United Kingdom will act as our UK representative office. Our European and UK data protection officer can be contacted via firstname.lastname@example.org.
Types of Personal Data We Collect
Information you provide to us: we collect personal data (including where applicable sensitive personal data) you provide directly to us. This includes:
Information We Collect Automatically When You Use the Site: when you access or use the Site, we automatically collect personal data about you, including:
How We Collect, Use and Disclose Your Personal Data
Subject to the requirements of applicable law, we may collect, use and disclose your personal data for the purposes set out below.
For the performance of our agreement with you, in order to:
For our legitimate commercial interests, in order to:
For compliance with legal obligations to which we are subject, in order to:
Use of information based on your consent:
In addition, we collect, use, and disclose your personal data for the following purposes depending on the nature of our relationship:
In order to register with our mobile application(s), make an online hotel reservation, enrol with the Shangri-La Circle programmes or if you make an enquiry, you must provide us with the personal data marked with an asterisk or otherwise indicated as mandatory, otherwise we may not be able to process your request or comply with our legal obligations.
In addition to the above, except in limited instances where your consent is required, we may also collect, use, and disclose your personal data on the legal basis of (i) vital interest for the prevention or suppression of danger to a person's life, body, or health; (ii) public interest for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (iii) the necessity for an establishment and defenses of legal claims.
Disclosures of Your Personal Data
Subject to the provisions of any applicable law, we may share your personal data to the following entities and parties, for the purposes listed above (where applicable):
We may also disclose aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.
Overseas Transfers of Your Personal Data
Your personal data will be transferred to, and stored at, locations in Hong Kong and Singapore and in the location of the hotel in which you make reservations, stay or visit. It will also be accessed and processed by our personnel and the personnel of our partners, affiliates and third party service providers, who operate outside of Hong Kong, Singapore and the location of the hotel in which you make reservations, stay or visit. Your personal data will only be transferred to locations outside of Hong Kong, Singapore and the location of the hotel in which you make reservations, stay or visit where we are satisfied that adequate or comparable levels of protection are in place to protect personal data held in that jurisdiction or that appropriate safeguards are put in place(including standard data protection clauses for transfer from the EU to outside the EU and for access or transfers outside of Mainland China), or other derogations as allowed by laws and (where we are required to do so) with your consent.
From time to time, we would like to use your name, email address, mobile phone number, and other relevant contact information to send you either via emails, SMS / MMS messages, telephone calls, push notifications, post, or social media (e.g. WeChat and Facebook) information that we think may be of interest to you, including about our hotels, products and services, news about our membership programme (if you become a member of Shangri-La Circle), satisfaction surveys, events, offers and promotions, but we can only do so with your consent.
We would also like to share (for gain) such data with the operator of the hotel or hub of hotels in which you stay or visit and with selected third party entities, so that they may send you information, news updates, special events, offers and promotions as regards their products and services, including travel, transportation, retail, food and beverage, hotel accommodation, credit cards, financial and investment services, real estate, entertainment, publications, fashion and jewellery, leisure and sports, health and wellness, non-profit and charitable activities, telecommunications, social networking, media and public relations, but we will not share your personal data with such third parties or use your personal data for direct marketing without your consent.
You may, in accordance with applicable law, choose not to receive marketing communications or opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in the marketing communications or contacting Shangri-La in accordance with the section “Your Rights and Contact Us” below. If you opt out of these communications, we may still send you non-promotional communications, such as those about your reservation or Shangri-La Circle programme members communications, unless we are prohibited from doing so by applicable laws.
Retention of Personal Data
Our Commitment to Data Security
We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
We recommend that where applicable, you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser. If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.
Children, Minors, Quasi-Incompetent Persons, and Incompetent Persons
Except where required by local laws, we do not knowingly collect personal data from minors, quasi-incompetent persons, and incompetent persons. If you are a minor, quasi-incompetent persons, and incompetent persons, you may only use our Site and services with the permission of your parent, guardian, or curator.
If you are in the EU, our online services are not directed at children under the age of 13. If you believe we have collected information about a child under the age of 13, please contact us so that we may take appropriate steps to delete such information. If you are at least 13 but under the age of 16, please get the consent of your parent or legal guardian before giving us any personal data about yourself. If you are in the People’s Republic of China, our online services are not directed at children under the age of 14. If you are under the age of 14, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
If you are in Thailand, our online services are not directed at children under the age of 20. If you believe we have collected information about a child under the age of 20, please contact us so that we may take appropriate steps to delete such information. If you are under the age of 20 and other legal exceptions cannot be relied on, please get the consent of your parent or legal guardian before giving us any personal data about yourself.
Third Party Sites
Your Rights and Contact Us
Subject to applicable law, you may be entitled to access, make/ raise objection to processing, rectify, erase (including deletion of your membership account), limit the use or transfer the personal data we hold of you, exercise the right to data portability, or lodge a complaint to a competent authority. Whenever reasonably possible and required, we will strive to grant these rights within one (1) month or within a reasonable time or as required by applicable local data protection law (e.g. within 15 working days in the People’s Republic of China). You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data if based on your consent, at any time. You may also be entitled to appeal and object to important decisions which were made based solely on automated decision-making. You may in certain circumstances ask us to cancel your membership account or delete your personal data, in which case, to the extent permissible by applicable law, we will take reasonable steps to delete or de-identify your personal data. Please note that we may not be able to continue providing services to you if you entirely withdraw your consent or ask us to delete your personal data entirely, and this may also result in the termination of any agreements with Shangri-La.
If you would like us to update the data we maintain about you and your preferences, or if you wish to withdraw your consent to receiving direct marketing communications from us, please contact us by email at email@example.com.
For any other requests (including deletion of your membership account), or if you have any questions or complaints about how we handle your personal data, please contact our data protection officer by email at firstname.lastname@example.org or by post at 28/F Kerry Centre, 683 King’s Road, Quarry Bay, Hong Kong, or other contact details as set out in the “Introduction” section above.
Last Updated: 1 June 2022