We use your personal information in order to fulfil our commitment to providing an unparalleled guest experience in connection with all of your interactions with Hyatt (the “Purpose”). As part of that undertaking, we are committed to safeguarding the privacy of the personal information that we gather.
As one of our guests or someone else with whom we interact, you understand and consent that we may collect, use, and share your personal information in accordance with this Policy.
Where you provide to us personal information about another person, you should ensure that person acknowledges this Policy and, in particular, tell him/her how we may use his/her information. You should remind that person to read this Policy in advance and may also give him/her a copy of this Policy.
2 The Application of This Policy
The term “Hyatt Locations” includes the various locations affiliated with Hyatt that operate under or in connection with the Hyatt®, Park Hyatt®, Miraval®, Grand Hyatt®, Alila®, Andaz®, The Unbound Collection by Hyatt®, Destination by Hyatt™, Hyatt Regency®, Hyatt ZivaTM, Hyatt ZilaraTM, Thompson Hotels®, Hyatt Centric®, JdV by HyattTM, Hyatt House®, Hyatt Place®, Caption by HyattTM and Hyatt Residence Club® brands around the world and also includes independently branded locations affiliated with Hyatt Hotels Corporation and/or its direct and indirect subsidiaries. However, for purposes of this Policy, the term Hyatt Locations does not include: (a) locations operated under an AMRTM Collection Brand or a property otherwise managed or affiliated with Apple Leisure Group; (b) locations operated by MGM; (c) locations affiliated with the Joie de Vivre brand but not affiliated with Hyatt, including the Galleria Park hotel; and (d) locations that participate in World of Hyatt through an alliance with the World of Hyatt program, including without limitation locations affiliated with M life Rewards, Exhale, and Small Luxury Hotels of the World and excursions offered by Lindblad Expeditions. The use of the ® symbol designates marks that are registered with the U.S. Patent and Trademark Office, and such marks may also be registered with the trademark offices of certain other territories/countries.
While this Policy is intended to describe the broadest range of our information collection, processing and sharing activities globally, some activities may be more limited in some jurisdictions based on the particular laws or regulations in those territories/countries. For example, the laws of a particular territory/country may limit the types of personal information we can collect or the manner in which we process that information. In those instances, we adjust our internal policies and/or practices to reflect the requirements of local law.
3 Information We May Collect
We collect and process your personal information in order to provide you the best experience possible when you interact with us. The information we collect may vary by territory/country or by your preferred method of interaction with us. The categories of personal information that we may collect include:
There may be instances in which the personal information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws of some territories/countries. Depending on the applicable law, “Sensitive Personal Information” can mean personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional, religious, philosophical, or political association, physical or mental health or condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual life or sexual orientation. In some very rare instances, financial records, credit card information and location data may constitute Sensitive Personal Information where you are located. If we rely on consent to process your Sensitive Personal Information, you have the right to withdraw that consent at any time. We only process Sensitive Personal Information in your jurisdiction if and to the extent permitted or required by applicable law (e.g., so that we can ensure we tailor our services to you accordingly in terms of food allergies and medical conditions, to ensure we can process card payments). We will seek to protect such information rigorously using the security standards further described below.
When you consent to this Policy you are, to the extent required and permitted under your local law, granting your express and written consent to the processing of any personal information that you provide to Hyatt that is considered to be Sensitive Personal Information or financial information (except, in some jurisdictions, where we will ask that you grant that consent separately). Save to the extent required by law, you are not obliged to provide Hyatt with any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services from Hyatt.
4 How We Collect Your Personal Information
We collect the above-referenced categories of personal information from the following categories of sources:
5 How We Use Your Information
Subject to applicable laws, we may collect, use, and disclose your personal information in order to:
When we process your personal information as one of our guests or someone else with whom we do business, we process that information on the basis of one more of the following legal bases depending on the circumstances: (i) our legitimate interests (as detailed above), (ii) because of legal obligations we are subject to, (iii) because the information is required to fulfil contractual obligations either to you, to anyone involved in making your travel arrangements (e.g., travel agents, group travel organizers, or your employer) and/or to vendors (e.g., credit card companies, airline operators, and third-party loyalty, travel, or discount programs), or (iv) with your consent.
Hyatt uses and retains your personal information for as long as is necessary to fulfil the purpose for which it is being processed, and in line with our legal and regulatory obligations and risk management guidelines.
6 Disclosures of Your Personal Information
From time to time, we may disclose your personal information. We would always make that disclosure in accordance with applicable law. In some jurisdictions, data privacy laws may require us to obtain your consent before we disclose your information to third parties. When you consent to this Policy, you are, to the extent required and permitted under your local law, granting your consent to the transfer of your personal information to such third parties for the purpose and to the extent stated in this section and as described in Section 5 above (except, in some jurisdictions, we will ask that you grant that consent separately).
Circumstances where we might make such disclosure (in addition to those described in Section 5 above) include:
6.1 Hyatt Group
We disclose your information to other organisations within the Hyatt Group such as the Apple Leisure Group for the purposes described in this Policy, such as providing you with our services, administering the membership programs and for our internal business purposes.
6.2 Our Agents, Service Providers, and Suppliers
Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, we oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures.
6.3 Consumer Insights
Where we hold personal information about you, we may disclose this personal information to other companies that also hold information about you. These companies may combine the information in order to better understand your preferences and interests, thereby enabling them and us to serve you better. If your personal information is used for direct marketing purposes, you have the right to object to that by contacting us using the contact information provided under Section 14 below. Further information about how we conduct direct marketing may be found at Section 10 below.
6.4 On-Property Companies
We may share your personal information with companies and other organisations that own and manage the spas, restaurants, health clubs, and other outlets at Hyatt Locations so they can provide you with their services in relation to your stay;
6.5 Credit Authorization
When you request credit, your personal information will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.
6.6 Business Transfers
As we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a Hyatt Location. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets.
Similarly, we may disclose your personal information to a third party whom we acquire in order to facilitate mergers and acquisitions of our business and for the furtherance of the purposes described in Section 5 above.
6.7 E-Folio Program
If you are an employee or independent contractor of a company that participates in Hyatt's E-Folio Program, and you use the corporate credit card that is provided to you by your employer (if you are an employee) or corporate client (if you are an independent contractor) to pay for your hotel bill at a Hyatt property, then you may benefit from Hyatt's E-Folio Program.
Under the E-Folio Program, an extract of your bill (including the dates of your stay, your credit card details and amounts incurred at the Hyatt property including room charges and all incidental charges including but not limited to food, beverage, and entertainment charges) will be transferred electronically by the Hyatt property via Hyatt's U.S.-based information system either to Hyatt or to a third-party service provider located in the United States who acts on Hyatt's behalf to compile the extract and transfer it to:
the credit card network operator, the credit card issuer and/or their respective subcontractors, who will, in turn, forward that extract to your employer or corporate client (and/or their respective subcontractors) to facilitate the processing and tracking of your travel-related expenses; or
in some limited circumstances, your employer or corporate client (and/or their respective subcontractors) directly for the same purpose.
The entities that receive the extract of your bill may be located in the United States, which does not have privacy laws that specifically address in detail all uses of personal information in the same way as in other parts of the world (notably Europe, Canada, Australia, South Africa and most of South America). In order to ensure the protection of your personal information, the transfer of that information to Hyatt's U.S.-based information system will be governed by our binding corporate rules (where they apply to you – for more information about our binding corporate rules, please see Section 14 below). The third-party service provider who acts on Hyatt's behalf to compile the extract will be subject to contractual provisions meeting the requirements of Hyatt's binding corporate rules.
Once the personal information is transferred to the credit card network operator, credit card issuer, your employer or corporate client and/or their respective subcontractors, it is no longer subject to the protections described in this Policy, but rather your own arrangements with your employer or corporate client, the relevant credit card network operator and/or the relevant card issuer.
6.8 Legal Requirements
Subject to applicable laws, we reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.
If you are based or booking a property in the People’s Republic of China (which excludes for the purposes of this Policy, Hong Kong SAR, Macau SAR, and Taiwan), please click here for a full list of the recipient companies and other organisations that can independently determine processing purposes and methods when processing your information, their contact details and details on what, how and why they process your personal information.
7 International Transfers of Personal Information
Like most international businesses, we have centralized certain aspects of our data processing activities in accordance with applicable laws, which, in many instances, will result in the transfer of your personal information from one country/territory to another. For example, if you make a reservation and/or stay at one of the Hyatt Locations outside of the United States, the personal information gathered in that process will be transferred to and processed in the United States, in accordance with Hyatt's binding corporate rules (where they apply to you – for more information about our binding corporate rules, please see Section 14 below). The jurisdictions where that information will be processed may or may not have laws that seek to preserve the privacy of personal information. Nevertheless, whenever your personal information is transferred within the Hyatt companies, your personal information will be processed in accordance with the terms and conditions of this Policy and applicable laws. A list of the main Hyatt Locations to which your personal information may be transferred, and the jurisdictions in which those entities are located, can be found by selecting “All” at www.hyatt.com/explore-hotels.
Additionally, some of the third-party suppliers to which we transfer your personal information may be based in different locations, some of which may have lower standards of data protection than in your home country/territory. When we do transfer personal information to such third parties, we ensure appropriate safeguards (such as entering into data transfer agreements based on clauses approved by major regulators) are in place, and oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures. These third parties broadly fall into two groups: (i) locally-provided suppliers supporting individual Hyatt Locations or groups of Hyatt Locations, who may operate in any of the countries/territories in which Hyatt Locations operate; or (ii) centrally-procured service providers, supporting Hyatt as a whole, who may be located in our major business locations, in particular the United States (where we are headquartered), Switzerland and Hong Kong SAR.
In some jurisdictions, data privacy laws may require us to obtain your consent before we transfer your information from your originating country/territory to other countries/territories. When you consent to this Policy, you are, to the extent required and permitted under your local law, granting your consent to the transfer of your personal information to such other countries/territories for the purpose and to the extent stated in this section and as described in Section 5 above (except, in some jurisdictions, where we will ask that you grant that consent separately).
If you are based or booking a property in the People’s Republic of China, please click here for a list of the organisations to whom we transfer personal information outside of the People’s Republic of China, their contact details and details on what, how and why such organisations process your personal information and how you can exercise your data privacy rights in respect of those organisations.
8 Interacting With Us Online
If you interact with us online, you may wish to know the following:
8.1 You Can Browse Without Revealing Who You Are
You can always visit our websites without logging in or otherwise revealing who you are.
8.2 Cookies and Related Technologies
evaluate and improve the functionality of our websites. These cookies and related technologies also allow us, advertising networks, social media companies, and other providers, to place advertisements and customized content.
Further information about cookies and related technologies and how they work is available at allaboutcookies.org.
8.3 Social Media
Our websites may also contain plug-ins and other features that integrate third-party social media platforms into our websites. You will be able to activate them manually. If you do so, the third parties who operate these platforms may be able to identify you, they may be able to determine how you use this website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your personal data. If you activate these plug-ins and other features, you will be doing so at your own risk.
8.4 Creating a User Profile
You can create a user profile on a Hyatt website to, among other things, facilitate your online transactions, and to tailor your experience on our websites to your interests. This allows us to make more appropriate recommendations to you. We may use the information you provide in your user profile to populate other databases maintained by us and our service providers, as applicable and to the extent permitted by law. By creating a user profile, you are consenting that we may use the personal information you provide for these purposes.
You can view, update or remove any personal information that you have provided to us for inclusion in your user profile by amending your user profile online or emailing email@example.com. If you subsequently elect to remove your user profile, we reserve the right to use any personal information previously provided by you for inclusion in your user profile for record keeping and quality assurance purposes (unless we are required by law to delete or cease to process or use your personal information). Even if you choose not to create a user profile, you can still use our websites to search for and purchase services.
8.5 Links to Other Websites
If you visit a Hyatt website and decide, for example, to purchase a gift certificate, make an airline reservation, rent a car, submit award request forms or apply for a job online, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.
Because the security of your personal information is important to us, we require Transport Layer Security (“TLS”) software in order to encrypt the personal information that you provide to us. When using TLS, your transmission of personal information to us online is encrypted. You can verify whether your personal information is transmitted using TLS encryption by confirming the symbol of a closed lock or solid key inside your browser address bar. You can also verify that your personal information will be encrypted using TLS encryption by making sure that the prefix for the web address listed for that page has changed from "http" to "https". If you do not see the appropriate symbol and/or the "https" prefix, you should not assume that the personal information that you are being asked to provide will be encrypted prior to transmission.
The personal information we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the due protection of your rights.
8.7 Minor Children
Our websites do not sell products or services for purchase by children and we do not knowingly solicit or collect personal information from children. If you are under the age of 18 (or a minor in the jurisdiction in which you are accessing our websites), you may only use our websites with the involvement of a parent or guardian.
When you download or register to use one of our apps, you may submit personal information to us such as your name, address, email address, phone number, date of birth, username, password and other registration information, financial and credit card information, personal description and/or image.
Further, when you use our apps, we may collect certain information automatically, including technical information related to your mobile device, your device's unique identifier, your mobile network information, the type of mobile browser you use and information about the way you use the app.
Depending on the particular app you use and only after you have consented to such collection, we may also collect information stored on your device, including contact information, friends lists, login information (where necessary to allow us to communicate with other apps at your request), photos, videos, location information or other digital content. Further details of the kinds of information we collect is set out in the privacy notice for each individual app.
You may always choose what personal information (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).
If you provide us with your contact details (e.g., postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in, to the extent permitted by applicable law. We may also share your personal information with carefully-selected third parties, who may communicate directly with you, to the extent permitted by applicable law. In some jurisdictions, data privacy laws may require us to obtain a separate consent before we do so. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 14 below or following the “unsubscribe” instructions contained in the communications.
If you have an account with our frequent guest program (e.g., World of Hyatt®), we ask you to indicate your communication preferences at the time you apply for membership or when you create your user profile. We may also ask you to indicate how you would like to receive any offers, marketing and promotional information (e.g., via email or regular mail) and whether you would be willing to participate in surveys. Once you have indicated your preferences, you can always change them.
In some jurisdictions, in addition to you consenting to this Policy, data privacy laws may require us to obtain a separate consent before we send you information that you have not specifically requested. In certain circumstances, your consent may be implied (e.g., where communications are required in order to fulfil your requests and/or where you have volunteered information for use by us). In other cases, we may seek your consent expressly in accordance with applicable laws (e.g., where the information collected is regarded to be Sensitive Personal Information under local regulations).
We will abide by any request from you not to send you direct marketing materials. When such a request is received, your contact details will be "suppressed" rather than deleted. This will ensure that your request is recorded and retained unless you provide a later consent that overrides it.
11 Updating or Accessing Your Personal Information and Your Other Privacy Rights
With some limited exceptions, you may access and update personal information held about you. If you want to inquire about any personal information we may have about you, you can do so by clicking here, or by sending us a written request by letter or email to the addresses set out in Section 14 below. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
Depending on applicable law, you may request that we correct, delete, and/or stop or restrict processing or using personal information that we hold about you by clicking here, or by sending a letter or email to the addresses set out in Section 14 below. If we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s).
Depending on applicable law, you may also withdraw your consent, exercise your right to data portability and request that the rules on processing of your personal information are explained by sending a letter or email to the addresses set out in Section 14 below.
If you are unhappy with the way we have handled your request, you can escalate your concern to the Chief Privacy Officer by sending an email to firstname.lastname@example.org.
12 Local Privacy Rights
12.1 California Privacy Rights
If you reside in California, you may also make the following more specific requests with respect to your personal information in accordance with applicable law:
As is the case for all consumers regardless of residency, we will not discriminate against you because you exercised any of these rights. Note that for purposes of these rights, personal information does not include information about job applicants, employees and other of our personnel; information about employees and other representatives of third-party entities we may interact with in their business or commercial capacity; or information we have collected as a service provider to our clients.
California residents can exercise these rights online by clicking here or by emailing or calling us using the contact information in Section 14. We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests.
We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us.
California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.
For purposes of exercising these rights, please note the following regarding how we collect and use your personal information as described in this Policy, including in the previous 12 months:
12.2 China Privacy Rights
This Policy, as updated from time to time, is inclusive of the laws of the People’s Republic of China.
13 Changes to This Policy
Just as our business changes constantly, this Policy may also change. To assist you, this Policy has an effective date set out at the end of this document.
14 Request for Access to Personal Information/Questions or Complaints
If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 11 above) to exercise your rights in relation to the personal information that we maintain about you, please click here or contact us by any of the following means:
If you are not satisfied with the response that you receive, you can escalate your concern to the Chief Privacy Officer by sending an email to email@example.com.
While this Policy alone does not create contractual rights, Hyatt has ensured compliance with some of its legal obligations in some countries/territories in relation to personal information by creating a set of binding standards and policies (known in some countries/territories as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those standards or policies through that regulator or a court. If you would like to know more about these standards and policies, please contact Hyatt Hotels & Resorts at the address above or the Chief Privacy Officer at the email address above.
All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email, telephone or any other suitable method.
Effective Date: November 2021
In the event of any inconsistencies between the English version of this Policy and any version of this Policy in any other language, the English version shall prevail.
Offers on hotel rooms delivered directly to your inbox