GLOBAL PRIVACY POLICY FOR EMPLOYEES

1Introduction
We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current and former employees (“you” or “employees”) for management, human resources and payroll purposes.
2The Application of this Policy
This Global Privacy Policy for Employees (the “Policy”) applies to employees’ personal information and to the management of that personal information in any form – whether oral, electronic or written.
This Policy gives effect to Hyatt’s commitment to protect your information and has been adopted by all of the separate and distinct legal entities that manage, operate, franchise, own and/or provide services to the various Hyatt Hotels & Resorts (whether branded “Hyatt”, “Hyatt Regency”, “Park Hyatt”, “Grand Hyatt”, “Andaz ®”, “Hyatt Place ®” or “Hyatt Summerfield Suites ®”) or Hyatt Vacation Club properties around the world. Those entities include Hyatt Hotels Corporation and its direct and indirect subsidiaries, and all of the separate and distinct legal entities that own the individual Hyatt Hotels & Resorts and Hyatt Vacation Club properties worldwide. References to “Hyatt”, “we” and “our” throughout this Policy, depending on the context, collectively refer to those separate and distinct legal entities.
If we disclose the personal information we hold about you to other of our affiliated hospitality businesses, those entities must first have agreed to be bound by this Policy with respect to their processing of your personal information.
While this Policy is intended to describe the broadest range of our information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that information. In those instances, we adjust our internal policies and practices to reflect the requirements of local law.
3The Types of Personal Information We Process
The term “personal information” in this Policy refers to information which does or is capable of identifying you as an individual. The types of personal information that we process (which may vary by jurisdiction based on applicable law and the nature of the employee’s position and duties) include:
  • name, gender, home address and telephone number, date of birth, marital status, emergency contacts;
  • residency and work permit status, military status, nationality and passport information;
  • social security or other taxpayer identification number, banking details;
  • sick pay, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependants and beneficiaries);
  • date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended;
  • height, weight and clothing sizes, photograph, physical limitations and special needs;
  • records of work absences, vacation entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing Hyatt policies);
  • where permitted by law and proportionate in view of the function to be carried out by an employee or prospective employee, the results of credit and criminal background checks, the results of drug and alcohol testing, screening, health certifications, driving licence number, vehicle registration and driving history;
  • information required to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g. child support and debt payment information);
  • acknowledgements regarding Hyatt policies, including ethics and/or conflicts of interest policies and computer and other corporate resource usage policies;
  • information captured on security systems, including CCTV and key card entry systems;
  • voicemails, e-mails, correspondence and other work product and communications created, stored or transmitted by an employee using Hyatt’s computer or communications equipment;
  • date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g. references).
Most of the personal information we process is information that you knowingly provide to us. However, in some instances, we process personal information that we are able to infer about you based on other information you provide to us or on our interactions with you, or personal information about you that we receive from a third party with your knowledge.
There may be instances in which the personal information that you provide to us is considered “Sensitive Personal Information” under the privacy laws of some countries. Those laws define “Sensitive Personal Information” to mean personal information from which we can determine or infer an individual's racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership of a trade union, physical or mental health or condition, sexual life, or judicial data (including information concerning the commission or alleged commission of a criminal offence).
4How We Use Personal Information
We use personal information concerning employees in order to:
  • evaluate applications for employment;
  • manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes;
  • develop manpower and succession plans;
  • maintain sickness records and occupational health programmes;
  • protect the safety and security of Hyatt guests, staff and property (including controlling and facilitating access to and monitoring activity in secured premises and activity using Hyatt computers, communications and other resources);
  • investigate and respond to claims against Hyatt and its guests;
  • conduct employee opinion surveys and administer employee recognition programs;
  • administer termination of employment and provide and maintain references;
  • maintain emergency contact and beneficiary details (which involves Hyatt holding information on those you nominate in this respect); and
  • comply with applicable laws (e.g. health and safety), including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments).
There are Closed Circuit Television (CCTV) cameras in operation within and around our hotels and other premises, which are used for the following purposes:
  • to prevent and detect crime;
  • to protect the health and safety of Hyatt guests and staff;
  • to manage and protect Hyatt’s property and the property of Hyatt’s guests and other visitors; and
  • for quality assurance purposes.
We also utilise ‘Secret Shopper’ or ‘Mystery Guest’ programs, to monitor the quality of our customer service.
We monitor internet use and communications in accordance with the Policy for the Use of Technology Resources and any other acceptable use policies that may replace, amend or supplement that policy from time to time.
5Disclosures of your Personal Information
    5.1General
    In order to carry out the purposes outlined above, your information will be disclosed for the purposes set out above to human resources staff, line managers, consultants, advisers and other appropriate persons in our hotels and offices.
    5.2Our Agents, Service Providers and Suppliers
    Like many businesses, from time to time, we outsource the processing of certain functions and/or information to third parties. Please note that when you apply for a position with us online, you may be transferred to a third party site with whom Hyatt have contracted to process your personal information on our behalf. When we do outsource the processing of your personal information to third parties or provide your personal information to third party service providers, we oblige those third parties to protect your personal information with appropriate security measures and prohibit them from using your personal information for their own purposes or from disclosing your personal information to others.
    5.3Business Transfers
    As we continue to develop our business, we may buy or sell hotels and other assets. In such transactions, employee information is generally one of the transferred business assets and we reserve the right to include your personal information as an asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, employee information may be one of the transferred assets.
    5.4Legal Requirements
    We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property. We also reserve the right to retain information collected and to process such information to comply with accounting and tax rules and regulations.
6Centralized Data Processing Activities
Like most international businesses, we have centralized certain aspects of our data processing and human resources administration in order to allow us to better manage our business. That centralization may result in the transfer of personal information from one country to another. For example, your personal information will be transferred to and processed in the United States if you are employed, or are a candidate for employment: (a) by any Hyatt affiliate located outside of the United States; or (b) as an Executive Committee Member, Department Head or other key employee of any of our entities or affiliated hospitality businesses located outside the United States.
If you are being considered for a position with a Hyatt hotel or affiliated hospitality business in a different country, some personal information concerning you will be transferred to the country where the job opening is located. Personal information concerning you may also be transferred to managers and/or human resources staff of Hyatt Affiliates in other locations in order for them to be able to contact you with respect to applying for a different position. There will be an opportunity for you to opt out of this on the application form. The jurisdictions where the information will be transferred may or may not have laws that seek to preserve the privacy of personal information. However, whenever your personal information is transferred within Hyatt, your personal information will be processed in accordance with the terms and conditions of this Policy.
7   Updating or Accessing Your Personal Information
With some limited exceptions, you may inquire about the personal information we maintain about you by sending us a written request by letter or e-mail to the addresses set out in Section 9 below. Please be sure to include your full name, current (or last) job title and place of employment with Hyatt so we can ascertain your identity and the personal information we maintain about you. We may not disclose data that you are not entitled to receive under applicable laws (e.g. data revealing information about another individual).
We reserve the right to charge you a fee, if permitted under applicable law, which is usually approximately $20, for processing any such request. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
You may request that we correct, or stop processing, personal information that we hold about you by sending a letter or email to the address set out in Section 9 below. If we agree that the information is incorrect or that the processing should be stopped, we will delete or correct the information. If we do not agree that the information is incorrect, we will, nevertheless, record the fact that you consider that information to be incorrect in the relevant file(s).
8Changes to the Policy
Just as our business changes constantly, this Policy may also change. To assist you, this Policy is dated and has an associated version number at the end of this document.
9Request for Access to Personal Information / Questions or Complaints
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 7 above ) for access to the personal information that we maintain about you, please contact us by any of the following means:
  • for current employees, by contacting your line manager or your human resources manager; and
  • for applicants and former employees, by contacting the Hyatt Application Coordinator at Privacy.ApplicantCoordinator@hyatt.com .
For complaints, further escalation at the employee’s option, can be made to the relevant Hotel General Manager and finally to the Chief Privacy Officer.
In addition to the commitments set out in this Policy, Hyatt has also ensured compliance with some of their legal obligations in some countries in relation to Personal Information by creating a set of binding Standards and Policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those Standards or Policies through that regulator or a court. If you would like to know more about these standards and commitments please contact the Chief Privacy Officer by sending an email to privacy@hyatt.com.
As indicated above, all requests for access to your personal information must be submitted in writing.
Effective Date: 1 October 2009