PRIVACY STATEMENT
YOUR PRIVACY AND SECURITY
Your privacy and security matter to us at P’tosh Hotels. Whether you’re using our website, app, or booking services, we manage your information with transparency and care. This Privacy Statement explains how we collect and use your data across our digital channels, including our website, mobile apps, Wi-Fi, and social media pages, as well as offline interactions. Depending on your location, additional rights may apply, as outlined in this policy, including disclosures for residents in various regions globally.
WHO WE ARE
This Privacy Statement is issued by the P’tosh Group of Companies, headquartered in Pennsylvania, USA, and includes its direct and indirect subsidiaries. References to “P’tosh,” “P’tosh Hotels,” “we,” “us,” or “our” refer to the relevant entity within the P’tosh Group that processes your personal data. While P’tosh Hotels-branded properties may also collect your data, many of these hotels are independently owned, and their privacy practices are governed by their own notices. For more details on our relationship with these hotels, please visit P’tosh Hotels.
ABOUT P’TOSH
The P’tosh Group of Companies is a rapidly expanding hotel management, investment, and development firm. P’tosh Hotels is committed to delivering exceptional hotel development and management services, guided by a clear vision, strong values, and a market-driven strategy. Our portfolio includes independent hotels and major brands like Marriott, Hilton, IHG, and Wyndham. We are based in Pennsylvania, which influences our legal obligations under U.S. federal law and Pennsylvania state law.
DATA COLLECTION, USE, AND DISCLOSURE
1. Data Collection
P’tosh Hotels collects personal information in various ways to enhance your experience with our services:
- Direct Interactions: We collect personal details such as your name, contact information, and payment information when you make reservations, check in, or engage with our staff.
- Third-Party Sources: We may receive information from travel agencies, booking platforms, or other partners to manage your reservations and improve our services.
- Automated Technologies: Our website and mobile app use cookies and similar technologies to gather information about your interactions with our services, including IP addresses, browser types, and usage patterns.
2. Data Use
The information we collect is used for the following purposes:
- Reservations and Service Delivery: To process and manage your bookings, provide personalized services, and fulfill your requests.
- Loyalty Programs: To administer our loyalty programs, track your participation, and offer tailored benefits and promotions.
- Customer Support: To assist with inquiries, resolve issues, and enhance your experience with our brand.
- Marketing and Communications: To send you relevant updates, special offers, and promotional materials, provided you have consented to receive such communications.
3. Disclosure to Third Parties
P’tosh Hotels may share your personal information with the following entities:
- Service Providers: We collaborate with third-party service providers to deliver services such as payment processing, booking management, and customer support. These providers are bound by confidentiality agreements and are restricted to using your data solely for the services they perform on our behalf.
- Business Partners: We may share your information with partners to offer you joint promotions, events, or services that align with your interests. We ensure that these partners adhere to strict data protection standards.
- Legal and Regulatory Bodies: We may disclose personal information if required by law, including under Pennsylvania law and U.S. federal regulations, such as to comply with legal obligations or respond to lawful requests from public authorities.
4. Opt-Out Mechanisms
We respect your privacy and offer several ways to manage your data preferences:
- Marketing Communications: To opt out of receiving marketing emails or communications, click the unsubscribe link in any email or update your preferences through your account settings.
- Data Collection Preferences: You can adjust your data collection preferences by accessing your account settings or contacting our customer service team. Note that opting out of certain data collection practices may affect the functionality of some services.
For more information on our data protection practices or to exercise your privacy rights, please refer to our Privacy Policy or reach out to our Data Protection Officer at hrmanager@ptoshhotels.com.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
P’tosh Hotels processes personal data in compliance with U.S. federal and Pennsylvania state laws, as well as international data protection laws where applicable. The legal bases for processing personal data under the General Data Protection Regulation (GDPR) and other relevant regulations include:
- Contractual Necessity: We process personal data when necessary to fulfill our contractual obligations with you, such as managing reservations and processing payments.
- Consent: Where applicable, we process personal data based on your consent, such as for marketing communications or participation in loyalty programs. You may withdraw your consent at any time.
- Legitimate Interests: We process personal data based on our legitimate interests, including improving our services, conducting market research, and ensuring the security of our website, provided these interests do not override your rights and freedoms.
- Legal Obligation: We process personal data to comply with legal obligations, including those under Pennsylvania law and U.S. federal regulations, such as responding to legal requests or maintaining accurate records.
- Performance of a Task in the Public Interest: In certain cases, we process personal data for tasks carried out in the public interest, such as maintaining public health and safety.
For further details on how we process personal data and your rights, please refer to our Privacy Policy.
DATA TRANSFER
P’tosh Hotels operates through a global network of corporate offices, reservation and service centers, data centers, and hotels. As a result, it may be necessary to transfer your personal information across borders. This includes data collected during reservations, stays at P’tosh-branded hotels, participation in our loyalty programs, or interactions through our websites, apps, or other digital channels.
International Transfers
Your information may be transferred to any of our P’tosh-owned or affiliated entities and hotels worldwide to carry out or facilitate our services. When transferring personal information from the European Union (EU), United Kingdom (UK), Brazil, or Turkey to countries outside the country of origin or your country of residence, we take the following measures to protect your privacy rights:
- Intra-Group Transfers: Transfers within the P’tosh Group are governed by an intra-group agreement that ensures each member of the P’tosh Group provides an adequate and consistent level of data protection.
- Third-Party Transfers: When transferring data outside the P’tosh Group to service providers or other third parties, we obtain contractual commitments to protect your information, using recognized safeguards such as standard contractual clauses.
- Adequate Protection: We only transfer personal data to countries recognized as providing an adequate level of legal protection or where we have established alternative arrangements to safeguard your privacy rights.
- Law Enforcement and Regulatory Requests: Requests for personal information from law enforcement or regulators will be validated before disclosure, in accordance with applicable U.S. federal law, Pennsylvania state law, and other local regulations.
For transfers between jurisdictions not covered above, we will take necessary steps to comply with local data protection laws and ensure your privacy rights are protected.
If you have any questions or concerns about how your personal data is transferred and protected, please contact us using the details provided in the How to Contact Us section.
UTILIZING OUR DIGITAL PLATFORMS
At P’tosh Hotels, we and our service providers use a range of technologies, including cookies, pixels, web beacons, tracking tools, and similar technologies across our websites, mobile applications, and other digital assets. These technologies are used to gather information and deliver the services you request, as well as to facilitate targeted advertising. In compliance with local consent requirements, we may use collected data, such as hashed email addresses, to assist us and our service providers in identifying your various devices.
When you access our mobile applications and consent to share your location, we may collect GPS data to offer personalized services, such as recommending nearby hotels or tailoring offers and promotions. You can adjust your location preferences either at the device level or through settings within your social media accounts.
We may also engage third-party vendors to facilitate interactive features on our websites, mobile applications, and other business areas. Your participation in these features is voluntary, and we may retain information submitted through these interactions. For instance, if you use an interactive chat feature for customer service, the content of the chat may be recorded and maintained as a transcript. Vendors managing these features may process the information on our behalf in accordance with our directives.
Cookies and Tracking Technologies
We use various types of cookies to enhance your experience:
- Essential Cookies: Necessary for our websites to function properly, enabling key features and supporting core operations.
- Performance and Functional Cookies: Gather information to improve our website’s functionality and address any issues you encounter.
- Advertising Cookies: Collect data to deliver targeted advertisements and enhance our services.
Managing Cookies and Opting Out
You can modify your cookie preferences. To browse without cookies, configure your browser to reject them. Refer to your browser’s “Help” menu to adjust your settings.
For cookies placed by our service providers, we adhere to the Self-Regulatory Program for Online Behavioral Advertising, as managed by the Digital Advertising Alliance (“DAA”). For more information or to opt out, visit www.aboutads.info/choices or www.networkadvertising.org/managing/opt_out.asp. Opting out of targeted ads is device- and browser-specific, so you will need to opt out on each browser or device you use.
Other Technologies: P’tosh Hotels uses other tracking technologies, including pixels and web beacons, across our websites, mobile apps, and in our email communications. These technologies help us improve our services and marketing efforts. For example, pixels embedded in our emails enable us to measure the effectiveness of our campaigns by tracking actions such as whether you opened, deleted, or forwarded an email, or clicked on a link.
Targeted Advertising: P’tosh Hotels, along with our service providers, may display targeted ads across our websites, mobile applications, and third-party websites through cookies, pixels, and web beacons. Some cookies may persist across your devices. We may attempt to identify your other devices or web browsers to show targeted ads, ensuring relevance while enhancing our services. To opt out of targeted advertising, please see the “Managing Cookies and Opting Out” section above.
Do-Not-Track: Currently, our systems do not recognize “do-not-track” signals except in certain jurisdictions, as outlined in the U.S. State Consumer Rights section. However, you can still limit tracking by disabling cookies or opting out of targeted advertising as described above.
Location Information and Services: When using our mobile applications or online platforms, you may be asked to share your location information with us. This data enables us to offer tailored services, such as nearby hotel recommendations or location-based offers. You can manage these settings through your device or relevant social media platform.
Use of Wi-Fi Services: When you use the P’Tosh Wi-Fi service, we may collect and process additional information. This includes registration information as well as device identifiers like IP address or MAC address. We may also collect pseudonymous data about your device type, web activity, and location to enhance our Wi-Fi services and provide personalized offers.
Using Personal Information to Create Profiles: To create a personalized experience at P’Tosh Hotels, we use information from partners like Google and Facebook for targeted advertising. This helps us better understand your preferences and tailor our marketing communications. You have control over how we disclose your information—log in to the preference center to manage your choices. Additionally, U.S. residents may click the “Do Not Sell or Share My Personal Information” link to opt out of data sharing that constitutes a “sale” under applicable law.
How We Secure Your Information: P’tosh Hotels is committed to protecting your information. We implement technical, physical, and organizational safeguards to prevent unauthorized access, disclosure, or loss of your data. However, please note that while we take reasonable precautions, no system can be completely secure.
Managing Your Preferences and Information: We provide tools to help you manage your personal information, including how we communicate with you. It is important to update your information if it changes or becomes inaccurate. For U.S. residents, including Californians, and individuals in other jurisdictions, specific rights and data protection laws may apply, which are detailed in the relevant sections of this policy.
Links to Other Sites: Our websites and applications may contain links to non-affiliated sites. These sites may be co-branded with our logos, but their privacy practices may differ from ours. We encourage you to review the privacy policies of these sites.
Children: Our websites are not intended for individuals under 18, and we do not knowingly collect personal information from minors. If we discover that we have collected such data, we will take reasonable steps to delete it.
Retaining Your Information in Our Systems: We retain personal information only as long as necessary for the purposes explained in this policy, unless longer retention is required for legal, regulatory, tax, or accounting reasons. We maintain a data retention policy that governs how long we keep different types of information.
HOW TO CONTACT US
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
- By Post: PO Box 397, Hershey, PA – 17033
- By email: hrmanager@ptoshhotels.com
- You may also contact our Data Protection Officer by emailing at hrmanager@ptoshhotels.com
To the extent permitted under the local law, you may also use the above contact details to request access to, correct, or (in certain circumstances) delete, any of your personal information that is held by PTOSH, or, where we have relied upon your consent to process your personal information, to withdraw your consent to such processing of your personal information. These requests will be reviewed and processed in line with the local law.
You also may have a right under the local law to lodge a complaint with us or with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
ADDITIONAL INFORMATION FOR UK/EU/EEA, TURKEY, U.S, PEOPLE’S REPUBLIC OF CHINA, AND BRAZIL
Data Subjects Rights Under UK/EU/EEA and Turkey Data Protection Laws: Residents of the UK, EU/EEA, and Turkey have legal rights under their respective data protection laws. To exercise any of these rights contact our Data Protection Officer at hrmanager@ptoshhotels.com.These rights may include:
- Access to Personal Information: You may request confirmation regarding whether we hold your personal data, how we use it, and, if applicable, a copy of your information.
- Correction/Erasure of Personal Information: You may request correction of inaccurate data, subject to verification. You may also request erasure of your data if we no longer need it for the original purpose, if you withdraw consent, or in other legally defined circumstances. However, we may retain information to comply with legal obligations or for legal claims.
- Restricting the Use of Personal Information: You may request a restriction on the use of your information in certain circumstances, such as if you contest its accuracy, our use is unlawful, or you need the data to establish legal claims.
- Objecting to the Use of Personal Information: You may object to the processing of your information if you believe your rights outweigh our legitimate interests. We may continue using your data if we demonstrate compelling legitimate grounds. You may also opt-out of direct marketing or automated decision-making.
- Information About Data Transfers: You may request details of third-party data transfers, where applicable.
- Data Portability: You may request that your data be provided to you in a machine-readable format or transferred to another organization where applicable under law.
- Copy of Safeguards for Cross-Border Transfers: You may request information regarding safeguards in place for international data transfers outside the UK, EU/EEA, or Turkey. Redactions may apply to protect commercial terms.
To protect your privacy, we may ask for proof of identity before responding to your requests. We aim to respond within one month, though complex or multiple requests may take longer. If we cannot fulfill your request due to legal obligations or other reasons, we will inform you accordingly.
U.S. STATE CONSUMER RIGHTS: This section supplements our Privacy Statement and applies to residents of Pennsylvania and other U.S. states, including California, Colorado, Connecticut, Montana, Nevada, Oregon, Texas, Utah, and Virginia. The rights outlined in this section are subject to the applicable state laws.
- Personal Information: “Personal Information” refers to information that identifies or can be linked to a particular individual or household. This does not include publicly available, de-identified, or aggregated data.
- Submitting Requests: You can exercise your rights by contacting us at +1 (717) 5592 704 . We aim to respond within 45 days, though additional time may be required in certain cases. Verification of identity is required for processing requests.
- Non-Discrimination: P’tosh Hotels will not discriminate against you for exercising your privacy rights. This means that your service, pricing, or access to offerings will not be negatively affected by your decision to exercise your rights.
PERSONAL INFORMATION WE COLLECT AND HOW WE USE AND DISCLOSE IT
Category of Personal Information | Purposes for Collection, Use, and Disclosure | Categories of Recipients to Which Personal Information is Disclosed |
Identifiers, including real name, alias, postal address, unique identifier, IP address (if you access our websites, emails, or other digital channels), email address or other similar identifiers. | To communicate with you, including about your reservations.To process transactions.To fulfil your reservations.To manage your PTOSH account.To enhance and personalize your experience with us.To advertise and market to you in connection with your preferences.To perform analyticsTo detect and prevent fraud | PTOSH-branded propertiesAdvertising partnersAnalytics companiesPayment processorsCo-branded partnersTravel providers such as our partner airlines and rental car agenciesData enrichment providers |
Customer Records, including Personal Information such as name, signature, address, telephone number, driver’s license number, and financial information (e.g., payment information for your reservation). | To communicate with you, including about your reservations.To process transactions.To fulfil your reservations.To manage your account.To enhance and personalize your experience with us.To advertise and market to you in connection with your preferences.To protect your rights and interests | PTOSH-branded propertiesAdvertising partnersAnalytics companiesPayment processorsCo-branded partnersTravel providers such as our partner airlines and rental car agencies |
Characteristics of Protected Classifications, including age. | To enhance and personalize your experience with us.To advertise and market to you in connection with your preferences. | PTOSH-branded properties Advertising partnersAnalytics companies |
Commercial Information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | To enhance and personalize your experience with us.To advertise and market to you in connection with your preferences. | Advertising partnersAnalytics companiesCo-branded partnersTravel providers such as our partner airlines and rental car agencies |
Internet or Other Electronic Network Activity Information, including browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | To communicate with you, including about your reservation.To enhance and personalize your experience with us.To advertise and market to you in connection with your preferences. | PTOSH-branded propertiesAdvertising partnersAnalytics companiesPayment processorsCo-branded partnersTravel providers such as our partner airlines and rental car agencies |
Geolocation Data | To provide you with in-room or in-hotel Wi-Fi service. | PTOSH-branded propertiesInternet service providers |
Sensory Data, including closed-circuit television recordings from PTOSH-branded properties (collected for security purposes), and audio recordings of customer care calls. | To protect your rights and interests as well as the rights and interests of other guests. | If we obtain CCTV footage, we do not disclose such data except as necessary to protect our rights and interests and the rights and interests of other persons, including law enforcement. |
Inferences used to create or enhance a profile about a consumer reflecting the consumer’s preferences and tendencies (e.g., what types of properties the consumer prefers, how frequently the consumer travels, etc.). | To enhance your overall experience with PTOSH, for example, to identify and to offer relevant marketing opportunities and to show you hotel information and trip extras you may be interested in. | Advertising partnersAnalytics companiesCo-branded partners |
Personal Information that reveals a consumer’s precise geolocation. | To provide you with in-room and in-hotel Wi-Fi service.To locate properties nearby. | PTOSH-branded properties |
Personal Information collected and analyzed concerning a consumer’s accessibility needs. | To fulfil your reservations or request for an accessible room.To enhance and personalize your experience with us. | PTOSH-branded properties |
- Categories of Personal Information Collected: We collect the following categories of Personal Information:
- Identifiers: e.g., name, email, phone number.
- Commercial Information: e.g., reservation details, purchase history.
- Internet Activity: e.g., browsing activity, IP address.
- Geolocation Data: Based on IP address or hotel location.
- Inferences: e.g., preferences inferred from your activities.
- Sources of Personal Information: We collect Personal Information from various sources:
- Direct Sources: Information you provide directly (e.g., reservations).
- Third Parties: e.g., travel agents, members of your travel party, travel partners such as airlines and rental car agencies.
- Automated Collection: Through cookies and tracking technologies on our websites and online services.
- PTOSH-branded Hotels: Which may be independently owned and operated.
- Data Enrichment Providers: External sources that provide us with additional data about you.
- Use and Disclosure of Personal Information: We may use and disclose your Personal Information for purposes including:
- Service Providers and Vendors: We share Personal Information with service providers who are contractually restricted from using it for any purpose other than providing requested services to us.
- Legal Obligations: To meet obligations to regulators, tax officials, law enforcement, or to otherwise comply with legal responsibilities.
- Targeted Advertising, Sales, and Sharing of Personal Information: We may sell or share the following categories of Personal Information with third parties for cross-context behavioral or targeted advertising:
- Identifiers
- Commercial Information
- Internet Activity
- Geolocation Data
These third parties include advertisers, data enrichment providers, and analytics vendors. Additionally, we may sell the following categories of Personal Information to airlines, vacation ownership partners, and co-branded credit card partners:
- Identifiers
- Customer Records
- Commercial Information
- Geolocation Data
- Inferences
- Opt-Out Rights: You have the right to opt out of the sale or sharing of your Personal Information. You can exercise this right by following the instructions below.
- Retention of Personal Information: We retain Personal Information as long as necessary to:
- Manage our operations and relationship with you.
- Fulfill legal obligations.
- Protect or defend our rights or property. Where Personal Information serves more than one purpose, we retain it until the latest relevant purpose expires.
- Consumer Rights (California & Other States): If you are a resident of California or other applicable states (e.g., Colorado, Virginia), you have specific rights under privacy laws, including:
- Right to Know: Request details of Personal Information collected, used, shared, or sold.
- Right to Delete: Request deletion of your Personal Information, subject to exceptions.
- Right to Correct: Request correction of inaccurate information.
- Right to Opt-Out: Opt out of the sale or sharing of your Personal Information.
- Right to Appeal: Appeal decisions related to your privacy requests.
- International Data Transfers and Compliance: For our international guests, including those from the European Union, United Kingdom, and China, P’tosh Hotels ensures that cross-border data transfers comply with relevant international data protection laws. We implement appropriate safeguards, such as Standard Contractual Clauses, to protect your Personal Information when it is transferred outside your country of residence.
- Participation in Loyalty Programs: If you participate in P’tosh Hotels’ loyalty programs, additional Personal Information may be collected, and you may be eligible for financial incentives. Participation in these programs is voluntary and subject to additional terms.
- Contact Information and Rights: To exercise your privacy rights or if you have any questions regarding your privacy, please contact our Privacy Office at hrmanager@ptoshhotels.com . For California residents, requests can also be made under the “Shine the Light” law (Cal. Civ. Code § 1798.83).
CALIFORNIA NOTICE OF FINANCIAL INCENTIVE
PTOSH offers guests the opportunity to participate in the various Program, which may provide benefits such as free internet and the chance to earn points redeemable for discounted or free stays or other item. These benefits may qualify under the California Consumer Privacy Act (CCPA) and are detailed along with other material terms and conditions here.
Information We Collect
To join the Program, PTOSH collects the following minimum information: first name, last name, address, email address, country/region, city, and zip code. Additionally, PTOSH may collect:
- Your name, email address, home and business addresses, phone number, nationality, birthday, and payment card information.
- Membership number, password, and details of memberships with Program partners (e.g., airlines, car rentals).
- Information provided in your loyalty profile, such as personal stay and destination preferences.
- Marketing preferences and types of information you are interested in.
- Details of your stays at PTOSH-branded properties, including property name, dates of stay, and sometimes, total dollar amount and itemized spending.
How We Use Your Information
We use your information to operate and enhance our Programs in line with our PTOSH Membership Terms and Conditions. This includes:
- Enrolling you in the Program and processing rewards.
- Delivering redeemed merchandise and services.
- Partnering with co-branded credit card partners and Holiday Inn Club Vacations.
- Sending updates, account statements, and marketing communications (with your consent as required).
- Providing personalized advertisements and conducting analytics.
Disclosure of Information
We disclose your information to:
- Loyalty Partners: For delivering requested products and services and offering their own products and services.
- Service Providers: For program operation and marketing improvement. These providers may use your information only as necessary for their services.
You can opt-out of sharing personal information with our partners through Communication Preferences in your account. California residents can opt-out of the sale of personal information using our Do Not Sell My Personal or Share Information link. Opting out will prevent us from disclosing your information where it might be considered a “sale” under the CCPA.
Joining PTOSH Programs
You may register online via the PTOSH website or mobile app, or at the time of booking or check-in.
Value of Consumer’s Data
According to U.S. state laws, we estimate the value of consumers’ Personal Information to PTOSH as approximately $0.42 per member in 2023. This estimate is not individual-specific and the actual value to a member may vary.
Withdrawal from the Program
You may withdraw from the Program at any time by contacting PTOSH Customer Care Centre. If you delete your account information, you will no longer be enrolled in the Program and accumulated points will be deleted.
Contact Us
For questions or complaints about our privacy practices or to request a printable version of this notice, contact us at hrmanager@ptoshhotels.com.
CONSUMER RIGHTS FOR COLORADO, CONNECTICUT, MONTANA, NEVADA, OREGON, TEXAS, UTAH, AND VIRGINIA RESIDENTS
If you are a resident of Colorado, Connecticut, Montana, Nevada, Oregon, Texas, Utah, or Virginia, you have rights regarding your Personal Information as described below:
Access and Data Portability
You have the right to confirm if we are processing your Personal Information, access it, and obtain a portable copy.
Deletion
You may request deletion of your Personal Information, subject to certain exemptions.
Right to Correct
Residents of Colorado, Connecticut, Montana, Oregon, Texas, and Virginia have the right to request correction of inaccuracies in their Personal Information. To request correction, contact us at hrmanager@ptoshhotels.com.
Opt-Out of Sale and Targeted Advertising
You may opt out of the sale of your Personal Information and targeted advertising. To opt out of sales and cookies-based targeted advertising, click “View Cookie Preference Tool” under Cookie Settings . Colorado residents can use the Global Privacy Control (GPC) browser signal for universal opt-out..
Authorized Agents
Residents of Colorado, Connecticut, Montana, Oregon, and Texas may designate authorized agents to exercise their rights. Authorized agents must provide proof of consent. Submit authorization proof to hrmanager@ptoshhotels.com.
Sensitive Personal Information
We do not process sensitive Personal Information in ways that require a right to limit its use or disclosure.
Appeals
To appeal our response to a request, contact us at hrmanager@ptoshhotels.com
LOYALTY PROGRAM DISCLOSURES FOR COLORADO CONSUMERS
This section informs Colorado consumers about the use of Personal Information in connection with the PTOSH programs. You can delete your Personal Information associated with your account; however, this will invalidate your rewards. The table below details categories of Personal Information collected, sold, or processed for targeted advertising and third parties receiving each category:
Category of Personal Information | Third Parties Who Receive Each Category |
Identifiers | Third-party advertisers, Data enrichment providers |
Customer Records | Commercial Information |
Consumers can earn and redeem points with various partners including airlines, dining, car rentals, and more. For further details on our data practices, refer to other sections of our Privacy Policy.
ADDITIONAL INFORMATION FOR THE PEOPLE’S REPUBLIC OF CHINA (EXCLUDING FOR THE PURPOSES OF THIS STATEMENT HONG KONG SAR, MACAU SAR, AND TAIWAN) (“PRC”)
If there is any inconsistency between the below and the above Privacy Statement, the following shall prevail in respect of the PRC.
Data Controller For the PRC, Ptosh Hotel Groups Co., Ltd., Registered office: hrmanager@ptoshhotels.com, is the data controller. For questions or concerns related to your personal information or related to the Privacy Statement, please contact hrmanager@ptoshhotels.com
Consent We will obtain your consent (where applicable, separate consent) to collect, use, share, transfer (including but not limited to overseas transfer), disclose, or otherwise process your personal information if and to the extent required by applicable PRC laws.
Sensitive Personal Information Certain types of personal information described in this Privacy Statement are considered “sensitive” under PRC laws, including:
- Payment card information
- Stay records
- Biometric information
- Password
- Precise geolocation
- Web browsing history
References to personal information in this Privacy Statement include sensitive personal information where applicable.
Share and Disclose Your Personal Information with Another Controller With your consent, we may share and disclose your personal information with another data controller as detailed in the section “Information We Collect and How We Use and Disclose It” in the Privacy Statement.
International Data Transfers As PTOSH is a global hospitality group, we may transfer your personal information to PTOSH affiliated entities outside of mainland China, such as Six Continents Ltd (UK) (“PTOSH Foreign Affiliated Entity”), with your separate consent (if required by applicable laws). PTOSH will ensure that cross-border data transfers comply with applicable laws, providing adequate protection for your personal information.
How We Store and Protect Your Personal Information We store your personal information as long as necessary to achieve the purposes described in this Privacy Statement and as otherwise required by applicable law. We use reasonable security measures to protect your information, including encryption technology. We handle personal information security incidents in accordance with applicable laws and conduct regular training on data protection.
SDKs and Other Similar Technologies Under PRC laws, we are required to disclose SDKs. For information about SDKs used in our mobile apps, please refer to our cookie policies or contact the Privacy Office if you have specific questions.
Personalized Marketing To provide personalized advertising, we may collect personal information. You can disable personalized advertising in our app under “Account”-“Personalized Recommendations.”
Mobile Device Permissions When using certain app features, we may request permissions for your mobile device to enable functions such as payment card scanning or location access. You can manage these permissions in your device settings.
Your Rights In addition to the rights mentioned in the Privacy Statement, PRC data protection laws grant the following rights:
- Access: To access and obtain a copy of your personal information.
- Transfer: To request transferring your personal information to another data controller.
- Deregister: To request deregistration of your loyalty program account.
- Deletion and Rectification: To request correction or deletion of inaccurate or unnecessary information.
- Withdraw Consent: To withdraw consent for mobile device permissions.
To exercise these rights, contact us by emailing hrmanager@ptoshhotels.com .. We aim to respond to all valid requests within 15 working days.
BRAZIL DATA SUBJECTS RIGHTS UNDER BRAZIL DATA PROTECTION LAW
Brazil data subjects have legal rights under Brazil’s Federal Law nº 13.709/2018 (LGPD). To exercise any rights, contact our Data Protection Officer at hrmanager@ptoshhotels.com .
Rights under LGPD:
- Access: Confirm whether we are processing your personal information and obtain a copy.
- Correction: Request correction of incorrect or outdated information.
- Erasure/Anonymization: Request erasure, anonymization, or blocking of unnecessary or excessive data.
- Objection: Object to the use of your information where applicable.
- Data Transfer: Request transfer of your information to another organization.
- Revocation of Consent: Revoke consent previously given.
- Filing Claims: File claims with the national data protection authority.
We aim to respond to all valid requests within 15 days. Complex requests may take longer. We will inform you if a response will take more time.
Changes to this Privacy Statement Any changes to this Privacy Statement will be communicated through our websites and mobile applications. If changes impact how we use your personal information, we will notify you via our website or email before changes take effect, and obtain consent where required by law.