We use your personal data in order to fulfill our commitment to providing an unparalleled guest service experience. As part of that undertaking, we are committed to safeguarding the privacy of the personal data that we gather.
2) The Application of This Policy
This Policy applies to personal data regarding guests and the other individuals with whom we do business or who visit us and to the use of that personal data in any form – whether oral, electronic or written.
This Policy gives effect to the commitment by Rhombus Group to protect your personal data and has been adopted by all of the separate and distinct legal entities that manage, operate, franchise, own and/or provide services to the various Rhombus Hotels (Hotel Panorama by Rhombus, Hotel LKF by Rhombus, Hotel Bonaparte by Rhombus, Hotel Pennington by Rhombus, Rhombus Park Aura Chengdu Hotel) around the world. Those entities include Rhombus Hotels & Resorts (Asia) Limited and its direct and indirect subsidiaries, and all of the separate and distinct legal entities that own the individual Rhombus Hotels properties worldwide, whether branded “Rhombus” or not. References to “Rhombus”, “we” and “our” throughout this Policy, depending upon the context, collectively refer to those separate and distinct legal entities, including the entity with which you have made your booking. While this Policy is intended to describe the broadest range of our information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country may limit the types of personal data we can collect or the manner in which we process that personal data. In those instances, we adjust our internal policies and/or practices to reflect the requirements of local law.
3) Types of Guests’ Personal Data We Collect
The term “personal data” in this Policy refers to data, which does or is capable of identifying you as an individual. The types of personal data that we process (which may vary by jurisdiction based on applicable law) include:
your name, gender, home and work contact details, business title, date and place of birth, nationality and passport and visa information; guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, observations about your service preferences (including room and holiday preferences), telephone numbers dialed and faxes and telephone messages received; your credit card details, Rhombus Diamond Card loyalty program member information, online user account details, profile or password details and any frequent flyer or travel partner program affiliation; any information necessary to fulfill special requests (e.g., health conditions that require specific accommodation, purchase of goods and services); information you provide regarding your marketing preferences or in the course of participating in surveys, contests or promotional offers; information collected through the use of closed circuit television systems, card key and other security systems; contact and other relevant details concerning the employees of corporate accounts and vendors and other individuals with whom we do business (e.g., travel agents or meeting and event planners); and in limited cases, information relating to the credit of customers.
Most of the personal data we process is information that you or someone acting on your behalf knowingly provides to us. However, in some instances, we process personal data that we are able to infer about you based on other information you provide to us or on our interactions with you, or personal data about you that we receive from a third party.
When you agree to this Policy you are, to the extent required under local law in some jurisdictions, granting your express and written consent to the processing of any personal data that you provide to Rhombus Group.
4) The Types of Employees’ Personal Data We Process
The term “personal data” in this Policy refers to data, which does or is capable of identifying you as an individual. The types of personal data that we process (which may vary by jurisdiction based on applicable law and the nature of the employee’s position and duties) include:
name, gender, home address and telephone number, date of birth, marital status, emergency contacts, residency and work permit status, military status, nationality and passport information;
social security or other taxpayer identification number, banking details, sick pay, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependants and beneficiaries), date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended, height, weight and clothing sizes, photograph, physical limitations and special needs, records of work absences, vacation entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing Rhombus Hotels policies), where permitted by law and proportionate in view of the function to be carried out by an employee or prospective employee, the results of credit and criminal background checks, the results of drug and alcohol testing, screening, health certifications, driving license number, vehicle registration and driving history, information required to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g. child support and debt payment information), acknowledgements regarding Rhombus Hotels policies, including ethics and/or conflicts of interest policies and computer and other corporate resource usage policies, information captured on security systems, including CCTV and key card entry systems, voicemails, e-mails, correspondence and other work product and communications created, stored or transmitted by an employee using Rhombus Hotels computer or communications equipment; date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g. references).
Most of the personal data we process is information that you knowingly provide to us. However, in some instances, we process personal data that we are able to infer about you based on other information you provide to us or on our interactions with you, or personal data about you that we receive from a third party with your knowledge.
5) How We Use Guests’ Personal Data
Subject to applicable laws, we may collect, use and disclose relevant portions of your personal data in order to:
Provide and charge for the hotel accommodation and other goods and services you purchase; provide you with a better, more personalised level of service; administer the Rhombus Diamond Card loyalty programme; fulfill contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g., travel agents, group travel organisers or your employer) and vendors (e.g., credit card companies, airline operators and other loyalty programmes); conduct market research, customer satisfaction and quality assurance surveys, direct marketing and sales promotions; respond to requests for information and services; provide for the safety and security of staff, guests and other visitors; administer general record keeping; meet legal and regulatory requirements; and process credit applications.
6) How We Use Employees’ Personal Data
We use personal data concerning employees in order to: evaluate applications for employment; manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes; develop manpower and succession plans; maintain sickness records and occupational health programmes; protect the safety and security of Rhombus Hotels guests, staff and property (including controlling and facilitating access to and monitoring activity in secured premises and activity using Rhombus Hotels computers, communications and other resources); investigate and respond to claims against Rhombus Hotels and its guests; conduct employee opinion surveys and administer employee recognition programmes; administer termination of employment and provide and maintain references; maintain emergency contact and beneficiary details (which involves Rhombus Hotels holding information on those you nominate in this respect); and comply with applicable laws (e.g. health and safety), including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments).
There are Closed Circuit Television (CCTV) cameras in operation within and around our hotels and other premises, which are used for the following purposes: to prevent and detect crime; to protect the health and safety of Rhombus Hotels’ guests and staff; to manage and protect Rhombus Hotels’ property and the property of Rhombus Hotels’ guests and other visitors; and for quality assurance purposes.
We also utilise ‘Secret Shopper’ or ‘Mystery Guest’ programmes, to monitor the quality of our customer service.
We monitor internet use and communications in accordance with the Policy for the Use of Technology Resources and any other acceptable use policies that may replace, amend or supplement that policy from time to time.
7) Disclosures of Guests’ Personal Data
From time to time, we may disclose your personal data. We would always make that disclosure in accordance with applicable law. Circumstances where we might make such disclosure (in addition to those described in Section 5 above) include:
7.1 Our Agents, Service Providers and Suppliers
Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties. We may also engage market research firms to assist us in contacting guests for the purpose of market research and quality assurance. When we do outsource the processing of your personal data to third parties or provide your personal data to third party service providers, we oblige those third parties to protect your personal data in accordance with the terms and conditions of this Policy, with appropriate security measures and prohibit them from using your personal data for their own purposes or from disclosing your personal data to others.
7.2 Credit Authorisation
When you request credit, your personal data will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.
7.3 Business Transfers
As we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a hotel that is currently part of our portfolio. In those circumstances, we may include the personal data collected about you, or control of that personal data, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal data collected from you, or control of such information, may be one of the transferred assets.
7.4 Legal Requirements
We reserve the right to disclose any personal data we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal data collected and to process such personal data to comply with accounting, tax rules and regulations and any specific record retention laws.
8) Disclosures of Employees’ Personal Data
In order to carry out the purposes outlined in Section 6 above, your personal data will be disclosed for the purposes set out above to human resources staff, line managers, consultants, advisers and other appropriate persons in our hotels and offices.
8.2 Our Agents, Service Providers and Suppliers
Like many businesses, from time to time, we outsource the processing of certain functions and/or information to third parties. Please note that when you apply for a position with us online, you may be transferred to a third party site with whom Rhombus Group have contracted to process your personal data on our behalf. When we do outsource the processing of your personal data to third parties or provide your personal data to third party service providers, we oblige those third parties to protect your personal data with appropriate security measures and prohibit them from using your personal data for their own purposes or from disclosing your personal data to others.
8.3 Business Transfers
As we continue to develop our business, we may buy or sell hotels and other assets. In such transactions, employee information is generally one of the transferred business assets and we reserve the right to include your personal data as an asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, employee information may be one of the transferred assets.
8.4 Legal Requirements
We reserve the right to disclose any personal data we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property. We also reserve the right to retain information collected and to process such information to comply with accounting and tax rules and regulations.
9) Centralised Data Processing Activities
Like most international businesses, we have centralised certain aspects of our data processing activities and human resources administration in order to allow us to better manage our business in accordance with applicable laws, which, in many instances, will result in the transfer of your personal data from one country to another. For example, if you make a reservation and/or stay at one of the Rhombus hotels or resorts outside of Hong Kong SAR, the personal data gathered in that process will be transferred to and processed in Hong Kong SAR.
Nevertheless, whenever your personal data is transferred within the Rhombus companies, your personal data will be processed in accordance with the terms and conditions of this Policy and applicable laws.
10) Information We Collect When You Visit Us Online
If you choose to obtain information or do business with us online by visiting www.rhombus-group.com or any other Rhombus hotels websites, you may wish to know the following:
10.1 You Can Browse Without Revealing Your Identity
You can always visit our websites without revealing who you are or providing any personal data.
10.2 Usage Information
When you visit our websites, we collect usage information (i.e., the Internet Protocol address automatically assigned to your computer each time you browse the Internet, the date and time of your visit, the type of Internet browser you use and the URL of any other website that referred you to our website, and the pages you access and the amount of time you spend on each page), but that information is not linked to you as an individual unless you create a user profile. We use this information to evaluate and improve the features, guest experience and functionality of our websites.
10.3 Cookie Technology
We use “cookie technology” on our websites to allow us to evaluate and improve the functionality of our websites. Cookies by themselves cannot be used to reveal your identity. They identify your browser, but not you, to our servers when you visit our websites.
If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser. However, if you block them, you will not be able to use all of the features of our websites, including the customisation features associated with creating a user profile.
Further information about cookies and how they work is available at allaboutcookies.org.
10.4 Links to Other Websites
If you visit www.rhombus-group.com and decide, for example, to purchase a gift certificate, make an airline reservation, rent a car, submit award request forms or apply for a job online, you will be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal data directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external sites before providing any personal data while accessing those sites.
Because the security of your personal data is important to us, we use Secured Socket Layer (“SSL”) software in order to encrypt the personal data that you provide to us. If your browser is SSL enabled (which most are), your transmission of personal data to us online will be encrypted. You can verify whether your personal data is transmitted using SSL encryption by confirming the symbol of a closed lock or solid key on the bottom bar of your browser window. You can also verify that your personal data will be encrypted using SSL encryption by making sure that the prefix for the web address listed for that page has changed from “http” to “https”. If you do not see the appropriate symbol and the “https” prefix, you should not assume that the personal data that you are being asked to provide will be encrypted prior to transmission.
The personal data we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal data and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal data that may affect you, so that you can take the appropriate actions for the due protection of your rights.
10.6 Minor Children
Our websites do not sell products or services for purchase by children and we do not knowingly solicit or collect personal data from children. If you are under the age of 18 (or a minor in the jurisdiction in which you are accessing our websites), you may only use our websites with the involvement of a parent or guardian.
You may always choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).
If you provide us with your contact details (e.g., postal address, email address, telephone number, mobile phone number, or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. We may also share your personal data with carefully selected third parties, who may communicate directly with you. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 12 below or following the “unsubscribe” instructions contained in the communications.
If you have a Rhombus Diamond Card account, we ask you to indicate your communication preferences at the time you apply for membership or when you create your user profile. We may also ask you to indicate how you would like to receive any offers, marketing and promotional information (i.e., via email or regular mail) and whether you would be willing to participate in surveys. Once you have indicated your preferences, you can always change them.
In some jurisdictions, data privacy laws may require us to obtain your consent before we send you information that you have not specifically requested. In certain circumstances, your consent may be implied (e.g., where communications are required in order to fulfill your requests and/or where you have volunteered information for use by us). In other cases, we may seek your consent expressly in accordance with applicable laws (e.g., where the information collected is regarded to be Sensitive Personal data under local regulations).
We will abide by any request from you not to send you direct marketing materials. When such a request is received, your contact details will be “suppressed” rather than deleted. This will ensure that your request is recorded and retained unless you provide a later consent that overrides it.
12) Updating or Accessing Your Personal Data
With some limited exceptions, you have rights to access and update personal data held about you. If you want to inquire about any personal data we may have about you, you can do so by sending us a written request by letter or email to the addresses set out in Section 14 below. Please be sure to include: (a) For guests, your full name, address and telephone/mobile phone number and a copy of a document evidencing your identity (such as an ID card or passport); (b) for employees, your full name, current (or last) job title and place of employment with Rhombus hotels, so we can ascertain your identity and whether we have any personal data regarding you, or in case we need to contact you to obtain any additional information, we may require to make that determination.
You may request that we correct, cancel, and/or stop processing personal data that we hold about you. If we agree that the personal data is incorrect, or that the processing should be stopped, we will delete or correct the personal data. If we do not agree that the personal data is incorrect we will tell you that we do not agree and record the fact that you consider that personal data to be incorrect in the relevant file(s).
13) Changes to this Policy
Just as our business changes constantly, this Policy may also change. To assist you, this Policy has an effective date set out at the end of this document.
14) Requests for Access to Personal Data/Questions or Complaints
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 12 above) for access to the personal data that we maintain about you, please contact us at:
16/F Empress Plaza, 17-19 Chatham Road South, Tsimshatsui, Kowloon, Hong Kong
T: (852) 3550 0688
F: (852) 3550 0699
While this Policy alone does not create contractual rights, Rhombus Group has ensured compliance with some of its legal obligations in some countries in relation to personal data by creating a set of binding Standards and Policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those Standards or Policies through that regulator or a court.
All requests for access to your personal data must be submitted in writing by letter or e-mail. We may respond to your request by letter, e-mail, telephone or any other suitable method.
Effective: January 2015Back