The privacy and security of your information is very important to us. Whether you are booking a room or are a member of one of our loyalty programmes, we want you to trust that the information that you have provided to us is being properly managed and protected. We have prepared this Privacy Statement to explain more about who we are and how we collect and manage your information.
Who we are This Privacy Statement is issued by the InterContinental Hotels Group of Companies (collectively referred to as "IHG", "we", "us" or "our" in this Privacy Statement), which includes the direct and indirect subsidiaries of InterContinental Hotels Group PLC and covers information collected and used by us in the course of our business. When we mention "IHG", "we", "us", or "our" we are referring to the relevant company in the InterContinental Hotels Group that processes your personal information. Your information may also be collected and used by IHG-branded hotels. In most cases these hotels are independently owned and their use of your information is only covered in this Privacy Statement where specifically noted.
You do not have to provide us with your information although in some cases, if you do not, it may mean that you are unable to use our services. For example, we may be unable to complete any booking you may wish to make, or you may be unable to participate in our loyalty programmes. There are other times when we collect and use personal information, for example if you choose to participate in one of our competitions or sweepstakes, sign up to receive our newsletters or other special offers and promotions, download one of our mobile applications or participate in one of our other services. In these instances, we will collect information from you for running and administering the respective competition, sweepstakes or service that you have elected to participate in. The information collected may include personal details such as your name and address as well as certain demographic information. In each case, we will collect, use and secure your information in a manner consistent with the general principles set out in this Privacy Statement unless we tell you otherwise.
We also collect information from you when you browse our website, use our mobile applications or participate in certain services at an IHG-branded hotel. In these instances, information such as your country information, internet protocol ("IP") address, media access control address and other characteristics about your system or device may be automatically collected. This information is collected for functional purposes as well as to improve your experience when using these services. This information may also be used for aggregated trend and statistical analysis, and for showing you more relevant advertisements and messages.
The legal basis for processing your personal data We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. This may be because: • you have provided your consent to us using the personal information; • our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing services in connection with our Loyalty Programme in accordance with the terms of our agreement with you; • our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities; • our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services (including for profiling and targeted advertising) - in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in "To object to how we use your information".
If you would like to find out more about the legal basis for which we process personal information please contact our offices (details found in the "How to contact us" section). If you have provided your consent to our processing of your information you can withdraw this consent at any time by contacting the IHG Privacy Office (details found in the "How to contact us" section).
Data Transfer As we operate via a global network of corporate offices, reservation and service centres, data centres and hotels, it may be necessary to transfer your information to a country outside of the country where it was originally collected or outside of your country of residence or nationality. The information that you provide us during the course of a reservation or through the provision of any other services may be transferred to any of our IHG-owned or affiliated entities and hotels around the world for the purposes of carrying out or facilitating these services. It will also be necessary to transfer this information to third parties, including, without limitation, our Franchisees, partners and third-party service providers.
Where we transfer information which originates in the European Union ("EU") to a country outside of the EU, we will take steps to make sure such transfer is carefully managed to protect your privacy rights: • transfers within the IHG Group will be covered by an agreement entered into by members of the IHG Group (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the IHG Group; • where we transfer your data outside of the IHG Group including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information. Some of these assurances are well recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America; • we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and • any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed
Cookies and other tracking technologies What is a cookie: A "cookie" is a small text file that is placed onto an Internet user's web browser or device and is used to remember as well as obtain information about that party. You might be assigned a cookie when visiting our websites or when using our mobile applications. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns. What types of cookies we use and how we use them: We use three primary types of cookies, which include: • Functional Cookies – these cookies support the use of the website and applications and enable certain features to enhance your experience. For example, we use functional cookies to facilitate your reservation and to remember your selections as you move from page to page. We also use functional cookies for remembering things like your sign-in information and hotel preferences to avoid you having to re-enter it. • Performance Cookies – these cookies collect information needed to support the website and our applications and allow us to improve our website and identify any problems that you faced while visiting us. For example, performance cookies may provide us with information about how you came to our website and how you navigated around our website during your visit. We also use these cookies to provide us with certain statistical and analytics information, such as how many visitors came to our website or how effective our advertising is. • Targeting Cookies – these cookies are used to collect information from you to help us to improve our products and services as well as serve you with targeted advertisements that we believe will be relevant for you. We use targeting cookies across our websites and applications for various marketing initiatives and campaigns. For more information, please see the "Targeted advertising" section below. To learn more about cookies and how they are used, please visit: http://www.allaboutcookies.org/.
Third-party cookies: As described above, we use a number of third-party service providers to help us manage, carry out and improve our advertising. These parties set cookies at our direction to help us collect information and provide you with advertisements that we believe would be relevant for you. In some instances these third parties may also assist us by providing certain statistical and analytics information in relation to our marketing practices. We also may share information collected through cookies (and other tracking technologies) with third parties to use for their own analytics and marketing purposes. Managing cookies and opting out: You can choose to visit our web sites without cookies, but in some cases certain services, features and functionality may not be available.
To visit without cookies, you can configure your browser to reject all cookies or notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. To manage Flash cookies, please click here. In relation to third-party cookies, we participate in the Self-Regulatory Programme for Online Behavioural Advertising managed by the Digital Advertising Alliance ("DAA"). As part of this commitment, IHG has agreed to comply with the standards and guidelines promulgated by the DAA. For more information regarding targeted advertisements and/or to opt out of automatic collection for these purposes, please visit http://www.aboutads.info/choices/ or http://www.networkadvertising.org/managing/opt_out.... Within the EU and Canada the local DAA organisations operate a similar "ad choices" scheme: see http://www.youronlinechoices.com (Europe) and http://youradchoices.ca/ (Canada). If you optout of these targeted advertising cookies, your opt-out will be specific to the web browser or mobile device from which you accessed the opt-out. If you use multiple devices or browsers, you will need to opt-out each browser or device that you use.
Other technologies: Other technologies such as pixels and web beacons may also be used on our websites, mobile applications, in email messages and in other areas of our business. These technologies are used to improve our products and services as well as our marketing efforts. Targeted advertising: We and our third-party service providers may serve targeted advertisements through the use of first-party or third-party cookies, pixels and web beacons when you visit our website, use our mobile applications, or visit third party websites. In some instances, these cookies may be persistent cookies. As described in the Using our websites, mobile applications and other technology section above, we and our third party service providers may also use cookie and other information to try to identify other devices and web browsers that you may use so we and our third-party service providers may serve targeted advertisements to those devices. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our websites and mobile applications. To learn more about opting out of certain types of targeted advertising, please see the "Managing cookies and opting out" section above. Do-Not-Track: Currently, our systems do not recognize browser "do-not-track" signals. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions at the DAA and the Network Advertising Initiative websites.
Use of WI-FI services (IHG Connect) When you use the IHG Connect WI-FI service (IHG Connect), we may collect and process certain additional information. What information we collect • Registration and User-Provided Information: When you register to use IHG Connect, we may collect personal information about you including your IHG Rewards Club number. You may also provide us with personal information about you in various ways when you use IHG Connect, for example, when you send us customer servicerelated requests. • Device Identifiers. In the course of providing the IHG Connect, we may automatically collect a device identifier (such as your IP address, MAC Address or other unique identifier) for the computer, mobile device, technology or other device you use to access IHG Connect. A device identifier is a number that is automatically assigned to your device when you access IHG Connect, and we may identify your device by its device identifier. When you use IHG Connect, we may view your device identifier and use this information to enhance our service. We may associate your device identifier with other information about you, such as your IHG Rewards Club number. • Other device information: We may also automatically record certain information from your device including, device type, the web pages, apps or sites that you visit, and the dates and times that you visit, access, or use IHG Connect. While generally this information is pseudonymous and/or aggregated, this information may be associated with your IHG Rewards Club number and/or other IHG service account information or persistent identifiers. This data helps us to manage our networks and provides us with information about the use of IHG Connect. We do not, however, collect and process the contents of email communications or other electronic communications you send or receive when using IHG Connect. • Location information: We may collect information about your location through your use of the WI-FI services we provide at our hotels to enable us to improve our service and provide certain services to you such as customized offers and promotions.
How We Use the Information We Collect We use personal information only for the purposes described in this Policy, except if otherwise disclosed to you at the time the data is collected or further authorized by law or by you. • We use the personal information that we collect through IHG Connect to operate, maintain, enhance and provide all features of the service, to provide services and information that you request, to respond to comments and questions and to provide support to users.
We use the personal information that we collect through IHG Connect to understand and analyze the usage trends and preferences of our users, to improve the IHG Connect service, and to develop new products, services, features, and functionality. If you provide your contact information or your IHG Rewards club number, we may send you personalized offers based on your web usage and location. You can opt-out of receiving these offers when signing in to use the IHG Connect service or at any time within your IHG Rewards account.
Using Personal Information to create profiles As described in the section above in relation to cookies, we have relationships with third parties such as Google and Facebook which enable us to serve targeted advertising. In addition to the activities described under the heading Targeted Advertising above, we also match Facebook and Google users across sites and devices which enables us to better understand your interests. We use this information to enable us to tailor our marketing communications to you so we can make sure we tell you about things which are most likely to be of interest to you. You can opt-out of receiving these offers when signing in to use the IHG Connect service or at any time within your IHG Rewards account.
How we secure your information We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
Managing your preferences and information We want to ensure that you have the necessary tools at your disposal to control the information that you provide to us, including how we communicate with you. It is also important that you contact us to update your information if any of it is inaccurate or changes. Please click the relevant section below to learn more about how to control how we communicate with you and how to update, modify and delete your information.
Links to Other Sites Our websites and applications contain links to websites that are maintained and/or controlled by third parties. In some instances these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator ("URL") on the page that you are visiting. We encourage you to review the privacy policies of these third-party websites as their privacy practices may differ from ours.
Children Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor's personal information has been improperly collected, we will take all commercially reasonable steps to delete that information. In limited instances, we may have a campaign or program targeted toward children. In these instances, details on the information practices will be presented within the terms and conditions of the program or campaign.
How to contact us For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us: • By email: firstname.lastname@example.org • By post: InterContinental Hotels Group Attn: Privacy Office Three Ravinia Drive Atlanta, Georgia 30346 • By phone: 1-770-604-8347 • By fax: 1-770-604-5275 You may also contact our Data Protection Officer by emailing email@example.com. To the extent permitted under the local law, you may also use the above contact details to request access to any of your personal information that is held by IHG. These requests will be reviewed and processed in line with the local law.
Where EU data protection laws apply, you have a right to lodge a complaint with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Your rights under EU data protection laws You have legal rights under EU data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have. To exercise any of your rights please contact our Data Protection Officer by emailing firstname.lastname@example.org. • To access personal information You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information. • To correct / erase personal information You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims. • To restrict how we use personal information You can ask us to restrict our use of your information in certain circumstances, for example: • where you think the information is inaccurate and we need to verify it; • where our use of your information is not lawful but you do not want us to erase it; • where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or • where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it. We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company. • To object to how we use your information You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information. You can also require us to stop using your data for direct marketing purposes. • To ask us to transfer your information to another organisation You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form. • Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms. We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request. We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about. We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
Changes to this Privacy Statement In some instances, we may have to change, modify or amend this Privacy Statement in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Statement will be communicated through our websites and mobile applications. However, if there will be changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website for 30 days prior to the changes taking effect or by emailing you. Effective Date: 7.03.2019