HARD ROCK HOTEL RIVIERA MAYA PRIVACY NOTICE
Effective May 3, 2018.
Hard Rock Hotel Riviera Maya, along with its subsidiaries and hotels (collectively, "Hard Rock Hotel Riviera Maya" "us," "we," or "our,") understands that our guests, customers, clients, users, visitors ("Guests and Clients") put their trust in us, and we are committed to protecting personal data that we collect through websites we operate ("Websites"), software applications ("Apps") we make available on or through mobile devices or computers ("Apps"), through wireless/wi-fi connectivity that may be offered at our properties ("Wi-Fi Access"), and through social media channels that we control ("Social Media Channels," collectively with Websites, Wi-Fi Access and Apps, the "Services") that link to this Privacy Statement. This Privacy Statement describes our global practices regarding the collection, use, and sharing of data about identified or identifiable individuals through the Services ("Personal Data").
By using the Services, you indicate that you acknowledge and understand the policies and practices contained in this Privacy Statement.
This Privacy Statement covers the following topics:
· Information Collected
· Use of Collected Information
· Sharing of Collected Information
· Cookies and Tracking Technologies
· Retention of Collected Information
· Security of Collected Information
· Your Rights Regarding Personal Data
· Links to Third-Party Websites and Services
· Email, Opt-Out, and Marketing Communications
· International Use
· Changes to our Privacy Statement
· Contacting Us
We collect a variety of Personal Data from you through the Services. Some Personal Data is collected automatically when you use or browse the Services, while other data is only collected when you provide it to us directly.
As a result, you have choices about the data we collect. When you are asked to provide data, you may decline; but if you choose not to provide data that is necessary to provide a service or feature, you may not be able to use that service or feature. For example, you may choose to create a Hard Rock Hotel Riviera Maya account when you reserve a room through our Services, which creates a smoother future booking process but requires submitting additional information. You may also choose to submit social media content through our Services, in which case we collect certain information associated with that social media account such as account name, the shared content, and any comments or interactions with the shared content.
Hard Rock Hotel Riviera Maya collects the following types of Personal Data through the Services:
Information Collected Automatically. When you download and/or use an App or browse a Website, we collect information about your device and the network you use to access the Services, as well as information about your use of the Services. This includes software and hardware attributes of the device used, unique device 0 information (such as unique International Mobile Equipment Identity (IME) numbers for smartphones), regional and language settings, network provider, and IP address, as well as Service performance data, dates and times that you use the Services, the amount of time spent on specific pages or in specific channels, and other similar usage information.
Location Information. We may also collect location information, depending on the Services you use or the permissions you provide. "Precise" location information may be derived from your device's GPS and location systems, as well as nearby wi-fi networks and cell phone towers. Imprecise location information may include your IP address or other data that may identify you as being located H a specific region, city, or postal code. You can manage the Services' ability to track your location by allowing or disallowing that access for a given Service in your computer or mobile device's settings.
Other Information You Provide To Us. We collect Personal Data from you when you provide it to us for specific purposes, such as to provide you with information or services that you request (including bookings), to carry out a transaction or reservation, to respond to an inquiry, when you submit social media content to us or interact with a Social Media Channel, when you respond to a customer survey, or when you apply for a position with us. Depending on the Services used or the products or information requested, the information collected from you may include your name, telephone number, email address, account information, street address, billing information, region, travel plans, travel status, order or service history, hotel guest stay preferences, use of hotel amenities, information that you provide about children who accompany you, social media account information (such as account or handle, number of followers, social media profile), loyalty or rewards program numbers, or (if you're applying for a position with us) employment-related information, as well as any additional information that you choose to enter into text fields, "Contact Us" forms, email subscriptions, RFP forms, or that you provide to our customer service representatives.
Information from Third Parties. We also collect or receive Personal Data from third parties. For example, if you reserve a room through a channel manager, travel agency, booking service, or event or conference promoter, we collect certain information from that third party as required to effectuate and authenticate the reservation. If you interact with a Social Media Channel or submit social media content to us, we receive certain data from the applicable social media platform. Depending on the type of information and the context in which it is used, the foregoing information may be associated with data we collect from you directly, have obtained from other sources, or have previously retained within a given user account.
Finally, we may collect data that is not Personal Data. We may use and distribute any such data at our discretion, unless it is combined with Personal Data, in which case we will treat it as Personal Data subject to this Privacy Statement.
USE OF COLLECTED INFORMATION
We use Personal Data collected through the Services for the following primary purposes:
Providing Services. We use Personal Data to provide products, services, and information to our Guests and Clients, including for the purposes of booking rooms, providing food and beverages, and providing other amenities and services.
Customer Service and Support. We use the Personal Data we collect for customer service and support, as well as to deliver and personalize communications with our Guests and Clients. This includes communicating with you regarding products, services, and discounts; answering questions and inquiries; responding to complaints and requests; and providing customer care.
Business Operations. We use the Personal Data we collect to operate our businesses. This includes marketing; monitoring usage of products, services, and systems; analyzing and storing Guest and Client preferences, and traffic patterns; operating our hotels and serving our Guests and Clients; and improving the Services, offerings, and products.
Marketing and Communications. We use Personal Data to deliver and personalize communications with our Guests and Clients, including providing recommendations, special offers, information on benefits, information about our hotels, restaurants, bars and other facilities, information about events and activations on site at our properties and off-site, and other marketing communications. For information about managing email subscriptions and marketing or promotional communications, review the Email, Opt-Out, and Marketing Communications section of this Statement.
Employment or other Engagement. If you are applying for a position, we use Personal Data to process and evaluate your application and, if you are engaged, in connection with your engagement.
When information is collected from you, the description of how we will use the Personal Data will be available to you at the time of collection through this Privacy Statement.
SHARING OF COLLECTED INFORMATION
Some of the above uses involve sharing collected Personal Data with third parties. We share Personal Data with your consent, as necessary to complete any transaction or as necessary to provide any services you have requested or authorized, or as permitted or required by law. We share Personal Data for a variety of purposes, including for provision of our services such as reservations, guest communications and concierge services, marketing our products and services, payment processing and other financial services, fraud prevention, and risk mitigation/reduction. For example, when you make a reservation through a Provider's service, we may share certain Personal Data with the Provider to authenticate you. In addition, some of our operations, such as reservation services, may be operated using Providers' systems, and as such the Providers will be directly collecting your Personal Data.
We also share Personal Data with Providers who need the information to provide services to you or to us, but only to the extent the information is needed to provide such services. This includes: software and web developers, payment processors, online travel agencies and channel managers, booking and reservations managers, maintenance companies, Guest and Client benefits providers, email and other marketing vendors, marketing technology vendors, and Providers we have retained to assist in securing our systems. We also use analytics Providers and software to assist us in understanding how our Guests and Clients use the Services and our systems. For more information on how we collect information for analy[ics, see "Cookies and Tracking Technologies" below.
You have the right to request the access to, rectify, cancel and oppose the management of your Personal Information (the “ARCO Rights”). Furthermore, you have the right to request the revocation of your given consent, as well as limit the use of your Personal Information.
In order to exercise your rights, we ask that you send an e-mail to email@example.com, so we can send you the appropriate request form, which you should complete and submit through the same electronic means from which you received it. You may also go through this procedure personally in our offices.
For security purposes and in compliance with the Law, it is mandatory that all request forms be accompanied by the information necessary for us to identify the applicant, and if applicable his or her legal representative. As a result, your request form should be accompanied with the following documents:
A. Request form fully completed and signed;
B. Copy of the holder’s identification;
C. In the case of legal representation, simple copy of the Public Grant that establishes his or her Power-of-Attorney, as well as a simple copy of his or her identification;
D. Address, phone number, and e-mail;
E. Whether or not the holder accepts to be notified via e-mail;
F. Clear and precise description of the Information related to the exercise of your ARCO rights;
G. If applicable, indicate which specific piece of information should be corrected and how it should be correctly read.
H. If applicable, expressly state to revoke the consent to the management of your Personal Information;
I. Any other piece of information that will allow us to properly identify your Personal Information.
Allow us to inform you that we keep a record of all the submitted requests. Furthermore, in case the request form should be found incomplete, we have the right to request the missing information from you.
The applicant guarantees that the given Personal Information is exact, complete and authentic. As a result, the applicant is responsible for any damage and/or harm caused by falsified information or identity impersonation.
Your request shall be processed in accordance with the manner and time established in the Law and its Regulation. We commit ourselves to give a response no later than 20 (twenty) business days after we have received your request form. The waiting period could be extended by another 20 (twenty) business days if and when it is justified and the holder is notified.
Upon request of access to your Personal Information, it shall be given digitally. Upon request of expressly requesting it, your Information will be sent in the form of copies to your indicated address.
You have the right to revoke your consent to the management of your Personal Information. The procedure, requirements, and contact information needed for you to revoke your consent shall be the same as the procedure needed to exercise your ARCO Rights established above.
COOKIES AND TRACKING TECHNOLOGIES
The Services does not respond to Do Not Track (DNT) signals. We use a number of Provider technologies that can track Guests and Clients across sites, including but not limited to products and services from Google, Google's DoubleClick, Sabre (SynXis), Facebook, Adara, The Hotels Network, TripTease, Sojern, TripCraft, Cendyn and TravelClick.
SECURITY OF COLLECTED INFORMATION
We maintain reasonable physical, administrative, and technical security measures to protect the confidentiality, availability, and integrity of Personal Data.
It is important to note that no method of safeguarding information is completely secure. While we try to ensure the protection of your Personal Data, we cannot guarantee (or be accountable/liable) that our safeguards will be effective or sufficient.
YOUR RIGHTS REGARDING PERSONAL DATA
Users of the Services, including you, have a variety of legal rights regarding the processing of Personal Data. These rights vary depending on applicable law, but may include by way of example:
· The right to know what Personal Data we maintain about you;
· The right to know with whom we have shared your Personal Data;
· The right to receive a copy of your Personal Data; and
· The right to access, correct, or delete your Personal Data.
You may exercise any rights you have under your applicable law with respect to Personal Data by contacting us as described below. We may request additional information from you to authenticate any such requests. In addition, you may be able to view, access, correct, or delete some or all of the Personal Data through our Consent and Profile update protocol & procedures.
Notice to California Residents. California Civil Code Section 1798.83, known as the "Shine The Light" law, permits our Guests and Clients who are California residents to request and obtain from us a list of what Personal Data (if any) we have disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We may request additional information from you to authenticate any such requests. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any Personal Data with third parties for their direct marketing purposes.
LINKS TO THIRD-PARTY WEBSITES AND SERVICES
The Services may contain links to third-party services, content, or products that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy of such third-party websites, and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third parties. Refer to the privacy statements for such third-party services for information about what they collect and how they use your data.
We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third party's policies and practices and make sure you understand them before you engage H any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third party.
The Services are not intended for children under the age of 16, and children under the age of 16 are not permitted to use the Services without written consent from a parent or legal guardian. We may collect information from children under the age of 16 to the extent provided by a parent or guardian, and such information would be associated with the parent or guardian, not the child.
EMAIL, OPT-OUT, AND MARKETING COMMUNICATIONS
If you no longer wish to receive email communications from us, you can follow the specific unsubscribe instructions in the email you receive or contact us at the address below. If you do business with us, you may not opt out of certain automated notifications (including confirmation, welcome, and post-departure emails) based on the particular transaction.
Your Personal Data may be stored, used, and processed in any country where we have facilities or where we have engaged a Provider, and by your use of the Services you acknowledge that we may transfer information to countries outside of your country of residence, which may have different data protection rules than in your country. All Personal Data held by Hard Rock Hotel Riviera Maya directly is stored at the applicable property and/or in the United States, which may require transfer of the Personal Data from your location to the property's location and/or the United States.
CHANGES TO OUR PRIVACY STATEMENT
We may from time to time update our Privacy Statement to reflect changes to our services and policies. When we update the Privacy Statement, we will revise the "Effective" date listed at the top of this page. We encourage you to periodically review this Privacy Statement to keep apprised of how we use Personal Data.
If you have any questions about this Privacy Statement, our privacy practices, or the processing of Personal Data, please contact us. We welcome your questions and suggestions about our Privacy Statement and will use reasonable efforts to respond in a timely manner. Please feel free to email us at: firstname.lastname@example.org; or write to us at:
Hard Rock Hotel Riviera Maya
Blvd Kukulcan km 14.5 Zona Hotelera
Int. Hard Rock Hotel Cancun
Cancun, Quintana Roo 77500 Mexico
PRIVACY STATEMENT FOR DATA SUBJECTS WHOSE PERSONAL INFORMATION MAY BE COLLECTED IN THE EUROPEAN UNION
EU GENERAL DATA PROTECTION REGULATION ("GDPR"). Hard Rock Hotel Riviera Maya is a global brand and thus many of our guests are from the European Economic Area ("EEA"). In order to serve these guests, we may transfer personal information from individuals ("Data Subjects") located within the EEA. Personal information that may be collected by us from a Data Subject H the EEA may include:
· [PHONE NUMBER]
· [EMAIL ADDRESS]
· [OTHER DATA ELEMENTS]
Because of Hard Rock Hotel Riviera Maya's diversity of guests, we must potentially deal with local supervisory authorities in all EU states where we have an existing business relationship with a data subject. Additionally, information that we collect may be transferred outside of the EEA, including to countries, such as the United States, which have not been deemed as having "adequate" security measures by the European Commission. Therefore, we have executed Model Clauses between our European Hotels and our Hard Rock Hotel Riviera Maya Hospitality, pursuant to European Commission Decision 2010/87/EC, to facilitate the legitimate, secure transfer of personal information outside the EEA as necessary.
LAWFUL GROUNDS TO PROCESS AND OBTAIN CONSENT
Data subjects whose personal information is collected in the EEA may withdraw consent at any time where consent is the lawful basis for processing his/her information. Should a data subject withdraw consent for processing or otherwise object to processing that impedes Hard Rock Hotel Riviera Maya's ability to comply with applicable regulations, a data subject may be unable to avail him/herself of the services that Hard Rock Hotel Riviera Maya provides.
DATA SUBJECTS' RIGHTS
All individuals whose personal information is held by Hard Rock Hotel Riviera Maya have the right to:
· ask what information Hard Rock Hotel Riviera Maya holds about them and why;
· ask for a copy of such information or access to such information;
· be informed how to correct or keep that information up to date; and
· be informed on how Hard Rock Hotel Riviera Maya is meeting its data protection obligations.
Furthermore, for data collected in the EEA, data subjects have the right to:
· ask for a copy of such information to be sent to a third party;
· ask for data to be erased if possible and required under the GDPR;
· ask for processing of personal information to be restricted if possible and required under GDPR;
· object to processing of personal information if possible and required under GDPR;
· object to automated decision-making where applicable; and
· contact a supervisory authority in the EEA to lodge a complaint regarding Hard Rock Hotel Riviera Maya’s processing of your personal information.
NON-DISCLOSURE OF INFORMATION
Hard Rock Hotel Riviera Maya does not share any personal information with any nonaffiliated third parties, except in the following circumstances:
· as necessary to provide the service that the customer has requested or authorized, or to maintain and service the customer's account;
· as required by regulatory authorities or law enforcement officials who have jurisdiction over Hard Rock Hotel Riviera Maya and its affiliates or as otherwise required by any applicable law; and
· to the extent reasonably necessary to prevent fraud and unauthorized transactions.
Hard Rock Hotel Riviera Maya personnel are prohibited, either during or after termination of their employment, from disclosing personal information to any person or entity outside Hard Rock Hotel Riviera Maya, including family members, except under the circumstances described above. An employee is permitted to disclose personal information only to such other employees who need to have access to such information to deliver our services to the customer.
HARD ROCK HOTEL RIVIERA MAYA CONTACT INFORMATION FOR PERSONS LOCATED WITHIN THE EEA. If you are located at the European Economic Area ("EEA") or Switzerland and have questions or concerns regarding the processing of your personal information, you may contact our EU Representative at: email@example.com; or write to us at:
Hard Rock Hotel Riviera Maya
Blvd Kukulcan km 14.5 Zona Hotelera
Int. Hard Rock Hotel Cancun
Cancun, Quintana Roo 77500 Mexico
If, as an EEA Citizen, you believe that Hard Rock Hotel Riviera Maya has not adequately resolved any such issues, you have the right contact the EU supervisory authority.