PERSONAL INFORMATION MANAGEMENT POLICY (JAPAN)

1. Introduction

We use your personal information in order to fulfil our commitment to providing an unparalleled guest service experience in connection with all or your interactions with Hyatt (the “Purpose”). As part of that undertaking, we are committed to safeguarding the privacy of the personal information that we gather.

As one of our guests or someone else with whom we do business, you understand and agree that we collect, use and disclose your personal information in accordance with this Personal Information Management Policy (this “Policy”).

2. The Application of this Policy

This Policy applies to personal information regarding guests and the other individuals with whom we do business or who visit us and to the use of that personal information in any form - whether oral, electronic or written.

This Policy gives effect to our commitment to protect your personal information and has been adopted by Hyatt International-Asia Pacific, Limited and the legal entities who own and operate Park Hyatt Niseko HANAZONO, Hyatt Regency Tokyo Bay, Andaz Tokyo Toranomon Hills, Grand Hyatt Tokyo, Hyatt Centric Ginza Tokyo, Hyatt Regency Tokyo, Park Hyatt Tokyo, Hyatt Regency Yokohama, Hyatt Regency Hakone Resort and Spa, Fuji Speedway Hotel, Hyatt Centric Kanazawa, Hyatt House Kanazawa, Hyatt Place Kyoto, Hyatt Regency Kyoto, Park Hyatt Kyoto, Hyatt Regency Osaka, Grand Hyatt Fukuoka, Hyatt Regency Naha Okinawa, and Hyatt Regency Seragaki Island Okinawa. References to “Hyatt”, “Hyatt Group”, “we” and “our” throughout this Policy, depending upon the context, refer to these hotels.

This Policy does not apply to the other various Hyatt Hotels & Resorts™ or Hyatt Hotels Corporation and its direct and indirect subsidiaries, whose use of personal information is described in the Global Privacy Policy found here.  Policy does not address or apply to the processing of personal information undertaken by the Apple Leisure Group companies and the definition of “Hyatt,” “Hyatt Group,” “us,” or “we” shall not include the Apple Leisure Group companies. If you book a Secrets Resorts & Spas, Dreams Resorts & Spas, Breathless Resorts & Spas, Zoëtry Wellness & Spa Resorts, Alua Hotels & Resorts, Sunscape Resorts & Spas resorts, or an independently branded hotels and resorts managed by or affiliated with Apple Leisure Group, (collectively, “Legacy AMR Collection”) property or a property otherwise managed or affiliated with Apple Leisure Group, your information will be subject to the privacy notice presented during booking, not this Policy. However, for purposes of this Policy, the term Hyatt Locations does not include: (a) locations operated under an Legacy AMR Collection or a property otherwise managed or affiliated with Apple Leisure Group or its affiliates; (b) UrCove; (c) locations affiliated with the JdV by Hyatt brand but not affiliated with Hyatt, including the Galleria Park hotel; and (d) locations that participate in World of Hyatt through an alliance with the World of Hyatt program, including without limitation locations affiliated with MGM Rewards, Small Luxury Hotels of the World, and excursions offered by Lindblad Expeditions. The use of the ® symbol designates marks that are registered with the U.S. Patent and Trademark Office, and such marks may also be registered with the trademark offices of certain other territories/countries.

This Policy also applies when you interact with Hyatt either through our websites - including Hyatt.com and our various booking sites – (collectively, “Websites”), our mobile applications – including World of Hyatt – (collectively, the “Applications”), in person, such as when you visit us at Hyatt Locations, or when you communicate with us by phone, text, direct message, social media, or other similar functionality. This Policy also applies to the personal information about you that we receive from a third party, unless specifically covered by such third party’s privacy policy or Hyatt’s Privacy Policy for Employees.

While this Policy is intended to describe the broadest range of our personal information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country/territory may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we adjust our internal policies and/or practices to reflect the requirements of local law.

If you are a Hyatt associate, please see the Global Privacy Policy for Employees or your applicable employer's privacy policy, as this Policy does not apply to your personal information, unless collected in your capacity as a guest.

3. Types of Personal Information We Collect

The term “personal information” in this Policy refers to information that does or is capable of identifying you as an individual. The types of personal information that we process (which may vary by jurisdiction based on applicable law) include:

  • Contact and Identification Information: We may collect information such as your name, contact details (e.g., phone number(s), address, or email) professional title, employer or professional affiliations, passport and visa information and information from other government IDs;
  • Account Information and Marketing Preferences: We may collect your account details and credentials for the Hyatt frequent guest program and any frequent flyer or travel partner program. We may also collect information on your marketing preferences;
  • Stay and Purchase Information: We may collect information such as the hotels where you have stayed or booked a stay, dates of arrival and departure, goods and services purchased or utilized at Hyatt Locations or on the Website or Application, physical and digital room key usage, special requests made, service and stay preferences (including room and vacation preferences), telephone numbers dialed and faxes sent, calls or messages received, and any feedback or content you provide to us regarding your stay. We may also collect information through the use of closed-circuit television systems, Internet systems (including wired or wireless networks, smart or mobile device, or your location), and other security and technology systems;
  • Device, Internet & Network Activity: We may collect the Internet Protocol (“IP”) address automatically assigned to your computer or device each time you interact with us online. We may also collect information from your devices if they connect to, or are detected by, the wireless networks at our properties. We or our vendors might also collect information about how you use of Wi-Fi networks and other services, such as the websites you visit while using our Wi-Fi network. We also use cookies and related technologies to collect information related to how you interact with our Websites, Applications, and online content. We may collect the date and time of your visit, the pages you access and the amount of time you spend on each page, the type of Internet browser you use, your device’s model, manufacturer and operating system, your search terms on the Website, the URL of any websites that you visited before and after visiting our Websites (including the advertisement that referred you to our Website), and whether you click or interact with our digital content and advertising on our Websites and other sites. We may also use technologies to record user sessions on our Websites and Applications.  When you access the Application or the mobile version of the Website, we collect your device, your device’s unique identifier, your mobile network information, and the type of browser you use. We may also embed technologies (which may include, for example, web beacons, tags, and pixels) in the emails and other communications we or our vendors send to you to help us understand how you interact with those messages, such as whether and when you opened a message or clicked on any content within the message.  For information about how Hyatt uses cookies and related technologies and how to disable such cookies and related technologies, please see Section 8.2 below;
  • Payment and Credit Information: We may collect credit card and other payment method details. In limited cases, we may also collect information relating to the credit of customers;
  • Location Information: We may automatically collect information about your precise geolocation when you access the Website or Application to the extent permitted by applicable law. We may also collect information about your general location using your IP address and your postal code;
  • Demographic Information: We may collect demographic information, such as your gender, nationality, age, and date and place of birth;
  • Biometric, Health-related or other Sensitive Personal Information: We may collect Sensitive Personal Information such as health-related or religion information you provide us to fulfil special requests (e.g., health or religious conditions that require specific accommodation or services), or biometric information, such as information used for facial recognition;
  • Audio and Visual Information: We may record our customer service calls and security footage of our properties, which may include your voice and/or image;
  • Preferences and Inferences: We may collect your preferences or make inferences about you, reflecting what we believe to be your preferences, characteristics, and predispositions, based on other personal information we have; and
  • Device Content: With your permission, we may collect information relating to the content on your device. For more information, see Section 9.

There may be instances in which the personal information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws of some territories/countries. Depending on the applicable law, “Sensitive Personal Information” can mean personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional, religious, philosophical, or political association, physical or mental health or condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual orientation. In some very rare instances, financial records, credit card information and location data may constitute Sensitive Personal Information where you are located. If we rely on consent to process your Sensitive Personal Information, you have the right to withdraw that consent at any time. We only process Sensitive Personal Information in your jurisdiction if and to the extent permitted or required by applicable law (e.g., so that we can ensure we tailor our services to you accordingly in terms of food allergies and medical conditions, to ensure we can process card payments). We will seek to protect such information rigorously using the security standards further described below.

When you consent to this Policy you are, to the extent required and permitted under your local law, granting your express and written consent to the processing of any personal information that you provide to Hyatt that is considered to be Sensitive Personal Information or financial information (except, in some jurisdictions, where we will ask that you grant that consent separately). Save to the extent required by law, you are not obliged to provide Hyatt with any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services from Hyatt (except in locations where credit card information may constitute Sensitive Personal Information).

4. How We Collect Personal Information

We collect information about you in the following ways:

  • Directly from you: Much of the personal information we process is information that you or someone acting on your behalf directly provides to us. For example, you may provide us with Contact and Identification Information, Stay and Purchase Information, Payment Information, Demographic Information, and Health-related Information, when you create an account; book a reservation; complete surveys, sweepstakes, contests or promotional offers; contact customer service; use our complimentary Wi-Fi; or contact us via email, text, or chat, over the phone, in person, or through third parties.
  • From your devices and our networks: We use cookies and related technologies to passively collect personal information from and across your devices when you interact with the Website, Application, our emails, or other online content or when your device connects to, or is detected by, the wireless networks at our properties.
  • From other businesses or individuals: We work with business and marketing partners and social media platforms that give us personal information about you that they have collected either directly or indirectly from you. We also use features that let your friends and family give us your personal information, for example when a family member or friend checks in on your behalf. We also may receive your personal information from (i) someone acting on your behalf, such as your travel agent or your employer (where your employer books travel for you), (ii) your travel provider, such as an airline, or (iii) your third-party card or loyalty scheme provider.
  • From social media: If you post to one of our pages on a social media site, we may receive Contact and Identification Information, Stay and Purchase Information, Internet and Network Activity, and any other personal information contained in your social media posts or profile.
  • when your image is captured on CCTV at the hotel (to the extent permitted by law), or you use our internet in-room services, phones or faxes or access the internet at our properties or use your card-key.

5. How We Use Personal Information

Subject to applicable laws, we may collect, use and disclose relevant portions of your personal information in order to:

  • provide, charge for, and manage hotel accommodation and other goods and services;
  • provide you with customer support and a better or more personalized level of service at Hyatt Locations as well as through the Website, Application, frequent guest program (e.g., World of Hyatt®), third-party applications, products or services, or through products or services Hyatt develops in the future;
  • allow us to evaluate, analyze, and improve the functionality of our Websites, Applications, or goods and services;
  • facilitate concierge services on your behalf, e.g., restaurant, attraction and transportation transactions;
  • administer loyalty, travel, or discount programs and the Hyatt frequent guest program (e.g., World of Hyatt®);
  • administer contests, sweepstakes, or other promotions;
  • fulfil contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g., travel agents, group travel organizers, or your employer) and vendors (e.g., credit card companies, airline operators, and third-party loyalty, travel, or discount programs);
  • conduct market research, customer satisfaction and quality assurance surveys
  • conduct marketing and sales promotions and serve targeted advertising for products, services, events, or promotions you might be interested in, including those provided by the Hyatt Group and by other parties. Where permitted by law, we may work with other companies to serve advertisements or marketing that we think you may find relevant and useful. This may include advertisements displayed on our own Websites or Applications, contained in emails or other communications sent by us, or advertisements from us displayed on other companies' websites. The advertisements you see may be based on information collected by us or third parties and/or may be based on your activities on our Websites, Applications or third-party websites;
  • provide for the safety and security of staff, guests, visitors and others;
  • prevent, detect, and investigate fraud, cyber incidents, or other illegal or harmful activity;
  • communicate with you about our relationship, such as updates to this Policy or other important legal or business changes;
  • administer general record keeping;
  • meet legal and regulatory requirements or compliance obligations;
  • test and evaluate new products and services;
  • process credit applications;
  • fulfil other purposes as disclosed to you in accordance with applicable law or with your consent; and
  • use certain pieces of personal information to verify your identity if you make requests regarding your personal information pursuant to this Policy. The verification steps and the pieces of personal information that we request may vary depending on the sensitivity and nature of your request.

Hyatt uses and retains your personal information for as long as is necessary to fulfil the Purpose, and in line with our legal and regulatory obligations and risk management guidelines.

There are Closed Circuit Television (CCTV) cameras in operation within and around our hotels and other premises, which, depending on the respective country and applicable laws, may be used for the following purposes:

  • to prevent and detect crime;
  • to protect the health and safety of Hyatt guests and staff;
  • to manage and protect Hyatt's property and the property of Hyatt's staff, guests and other visitors; and
  • (to the extent permitted by law) for quality assurance purposes.

5.1 Basis of Processing

When we process your personal information as one of our guests or someone else with whom we do business, we process that information on the basis of one more of the following legal bases depending on the circumstances: (i) our legitimate interests (as detailed above), (ii) because of legal obligations we are subject to, (iii) because the information is required to fulfil contractual obligations either to you, to anyone involved in making your travel arrangements (e.g., travel agents, group travel organizers, or your employer) and/or to vendors (e.g., credit card companies, airline operators, and third-party loyalty, travel, or discount programs), or (iv) with your consent.

6. Disclosures of your Personal Information

From time to time, we may disclose your personal information. We would always make that disclosure in accordance with applicable law. In some jurisdictions, data privacy laws may require us to obtain your consent before we transfer your information from your originating country to other countries. When you agree to this Policy, you are, to the extent required and permitted under your local law, granting your consent to the transfer of your personal information to such other countries for the Purpose and to the extent stated in this section and as described in Section 5 above. In all cases, Hyatt International-Asia Pacific, Limited is responsible for management of your personal information (please see Section 14 below for information on how to contact Hyatt International-Asia Pacific, Limited). Circumstances where we might make such disclosure (in addition to those described in Section 3 above) include:

6.1 Our Affiliates, Service Providers and Suppliers

We disclose the following personal information to, and jointly use the following personal information together with, the following Hyatt entities, for the following purpose of use:

 

NamePurposePersonal Information ProvidedUse Period
Hyatt Hotels Corporation (USA) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above.  As required for the purposes described in Section 5 above
Hyatt Services GmbH (Germany) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above
Hyatt India Consultancy Private Limited (India) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above
Hyatt International Hotel Management (Beijing) Co., Ltd. (People’s Republic of China) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above
Hyatt Chain Services Limited (Hong Kong (PRC)) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above
International Reservations Limited (Hong Kong (PRC)) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above
Information Services Limited (Hong Kong (PRC)) The purposes described in Section 5 above (excluding purposes relating to CCTV) All personal information described in Section 3 above. As required for the purposes described in Section 5 above

 

We also disclose the following personal information to, and jointly use the following personal information together with, the following third parties for the following purpose of use:

 

NamePurposePersonal Information ProvidedUse Period
800 Teleservices (Hong Kong) Limited Reservation Services Name, email, phone number, reservation details, special request Until the termination of membership / contract with third party
MICROS-FIDELIO Opera application maintenance All database records View only for database maintenance when requested
Medallia Survey Guest satisfaction survey Name, phone number, email, address, nationality, stay period, room rate, membership number and other additional personal information Until the termination of membership / contract with third party
Cendyn Online restaurant reservations Name, email, phone number, reservation details, special request Until the termination of membership / contract with third party
Experian Cheetah Mail Emailing Name, email Until the termination of membership / contract with third party
Starmark Telemarketing Name, phone number, membership number, email, address and other additional personal information Until the termination of membership / contract with third party
Corner Creative Inc. Mailing for news letter Name, e-mail Until the termination of membership / contract with third party
DongA DM Direct mailing Name, address Until the termination of membership / contract with third party
Eat 2 Eat DINE@HYATT homepage maintenance Name, phone number, membership number, email, address and other additional personal information Until the termination of membership / contract with third party
GL Marketing Marketing Name, contact number, e-mail address, mailing address, membership number Until the termination of membership / contract with third party
Olson 1to1 Hyatt Loyalty Program (World of Hyatt) Administration Name, phone number, membership number, email, address and other additional personal information Until the termination of membership / contract with third party

 

6.2 Consumer Insights

Where we hold personal information about you, we may disclose the following personal information to, and jointly use the following personal information together with, the following companies that also hold information about you, for the following purpose of use:

 

NamePurposePersonal Information ProvidedUse Period
Chase Bank USA, N.A. To offer the Hyatt-branded credit card Name, contact number, e-mail address, mailing address, nationality, guest stay information, membership number Until the termination of contract with third party
Organizations who have partnered with Hyatt to offer benefits under Hyatt’s loyalty program, such as MGM. For details, see https://world.hyatt.com/content/gp/en/rewards/other-partnerships.html. To share information at the guest’s request if the guest is a joint member of Hyatt’s loyalty program and a Company’s loyalty program and opts to earn such Company’s loyalty points in lieu of Hyatt loyalty program points Name, contact number, e-mail address, mailing address, nationality, guest stay information, membership number Until the termination of contract with third party
Airlines who have partnered with Hyatt to offer benefits under Hyatt’s loyalty program, and auto partners. For details, see https://world.hyatt.com/content/gp/en/rewards/air-auto.html. To share information at the guest’s request if the guest is a joint member of Hyatt’s loyalty program and the airline’s loyalty program and opts to earn airline loyalty program points in lieu of Hyatt loyalty program points Name, contact number, e-mail address, mailing address, nationality, guest stay information, membership number Until the termination of contract with third party

 

These companies may combine the information in order to better understand your preferences and interests, thereby enabling them and us to serve you better.

6.3 Business Transfers

As we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a hotel that is currently part of our portfolio. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets.

Similarly, we may disclose your personal information to a third party whom we acquire in order to facilitate mergers and acquisitions of our business and for the furtherance of the purposes described in Section 5 above.

6.4 E-Folio Program

If you are an employee or independent contractor of a company that participates in Hyatt's E-Folio Program, and you use the corporate credit card that is provided to you by your employer (if you are an employee) or corporate client (if you are an independent contractor) to pay for your hotel bill at a Hyatt property, then you may benefit from Hyatt's E-Folio Program.

Under the E-Folio Program, an extract of your bill (including the dates of your stay, your credit card details and amounts incurred at the Hyatt property including room charges and all incidental charges including but not limited to food, beverage and entertainment charges) will be transferred electronically by the Hyatt property via Hyatt's U.S.-based information system either to Hyatt or to a third-party service provider located in the United States who acts on Hyatt's behalf to compile the extract and transfer it to:

  • the credit card network operator, the credit card issuer and/or their respective subcontractors, who will, in turn, forward that extract to your employer or corporate client (and/or their respective subcontractors) to facilitate the processing and tracking of your travel-related expenses; or
  • in some limited circumstances, your employer or corporate client (and/or their respective subcontractors) directly for the same purpose.

The entities that receive the extract of your bill may be located in the United States, which does not have privacy laws that specifically address in detail all uses of personal information in the same way as in other parts of the world (notably Europe, Canada, Australia, South Africa and most of South America). In order to ensure the protection of your personal information, its transfer to Hyatt's U.S.-based information system will be governed by our binding corporate rules (where they apply to you). The third-party service provider who acts on Hyatt's behalf to compile the extract will be subject to contractual provisions meeting the requirements of Hyatt's binding corporate rules.

Once the personal information is transferred to the credit card network operator, credit card issuer, your employer or corporate client and/or their respective subcontractors, it is no longer subject to the protections described in this Policy, but rather your own arrangements with your employer or corporate client, the relevant credit card network operator and/or the relevant card issuer.

6.5 Legal Requirements

We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.

6.6 Reservations and Other Requests at Third Party Locations

Our services, including Hyatt.com, allow you to make requests for reservations and other items or services with third parties, including hotels that are not Hyatt Locations (such as locations operated by or affiliated with Apple Leisure Group, locations affiliated with the JdV by Hyatt brand but not affiliated with Hyatt, including the Galleria Park hotel, locations that participate in World of Hyatt through an alliance with the World of Hyatt program, including MGM Rewards and Small Luxury Hotels of the World locations, and locations affiliated with other brands through which World of Hyatt rewards can be obtained from time to time), and excursions offered by Lindblad Expeditions. Where you make such a request, we will pass information about your request that you provide to us, along with information about your World of Hyatt account, to the third party. The information we provide to these third parties will be handled in accordance with their own privacy policies and procedures, and not Hyatt’s.

6.7 Hyatt Group and Apple Leisure Group

We may disclose your information to other organisations within the Hyatt Group and the Apple Leisure Group for the purposes described in this Policy, including for providing you with Hyatt Group and/or Apple Leisure Group services, and for administering membership/loyalty programs.

6.8 Our Agents, Service Providers, and Suppliers

Like most international hotel brands, we may outsource the processing of certain functions and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, we oblige those third parties to protect your personal information with appropriate security measures.

6.9 Credit Authorization

When you request credit, your personal information will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.

7. Centralized Data Processing Activities

Like most international businesses, we have centralized certain aspects of our data processing activities in accordance with applicable laws, which, in many instances, will result in the transfer of your personal information from one country to another. For example, if you make a reservation and/or stay at one of the Hyatt hotels or resorts outside of the United States, the personal information gathered in that process will be transferred to and processed in the United States, in accordance with Hyatt's binding corporate rules (where they apply to you). The jurisdictions where that information will be processed may or may not have laws that seek to preserve the privacy of personal information. Nevertheless, whenever your personal information is transferred within the Hyatt companies, your personal information will be processed in accordance with the terms and conditions of this Policy and applicable laws.

Additionally, some of the third-party suppliers to which we transfer your personal information may be based in different locations, some of which may have lower standards of data protection than in your home country/territory. When we do transfer personal information to such third parties, we ensure appropriate safeguards (such as entering into data transfer agreements based on clauses approved by major regulators) are in place, and oblige those third parties to protect your personal information, with appropriate security measures. These third parties broadly fall into two groups: (i) locally-provided suppliers supporting individual Hyatt Locations or groups of Hyatt Locations, who may operate in any of the countries in which Hyatt Locations operate; or (ii) centrally-procured service providers, supporting Hyatt as a whole, who may be located in our major business locations, in particular the United States (where we are headquartered), Switzerland and Hong Kong SAR.

8. Information We Collect When You Visit Us Online

If you access any Hyatt Website, you may wish to know the following:

8.1 You Can Browse Without Revealing Who You Are

You can always visit our Websites without logging in or otherwise revealing who you are.

8.2 Usage Information

When you visit our Websites, we collect information about how you use those Websites. Examples of such information include the Internet Protocol address automatically assigned to your computer each time you browse the Internet, the date and time of your visit, the pages you access and the amount of time you spend on each page, the type of Internet browser you use, your device's operating system and the URL of any websites that you visited before and after visiting our Website. That information is not linked to you as an individual unless you create a user profile, but we may keep records of the device being used.

8.3 Cookies and Other Similar Technology

We and other parties use cookies, pixels, beacons and other technologies on our Websites, Applications, and email and marketing messages. These technologies are used to improve our products and services, and for marketing, and they also allow us, advertising networks, social media companies, and other providers, to place and serve advertisements and customized content.

Some of our Websites allow you to manage your cookie preferences by clicking on the Cookie Center link that may be in the footer of those Websites. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting www.aboutads.info/choices and you can consult the user instructions for your Internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your Internet browser. Choices you make regarding cookies are website, device, and browser specific, and are deleted whenever you clear your cookies or your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use. If you block cookies, you will not be able to use all of the features of our Websites, including the customization features associated with creating a user profile.

Further information about cookies and related technologies and how they work is available at allaboutcookies.org.

Our Applications may contain software development kits (SDKs) provided by other parties which may collect and transmit information, including for purposes of enabling features in the Applications.  We may also collect device advertising identifiers. You can configure your mobile device privacy or advertising settings via your iOS or Android device to limit how applications track certain activity for advertising purposes. Choices you make are device specific.

8.4 Social Media

Our Websites may also contain plug-ins and other features that integrate third party social media platforms into our Websites. You will be able to activate them manually. If you do so, the third parties who operate these platforms may be able to identify you, they may be able to determine how you use this Website and they may link and store this information with your social media profile. Please consult the data protection policies of these social media platforms to understand what they will be doing with your personal data. If you activate these plug-ins and other features, you will be doing so at your own risk.

8.5 Creating a User Profile

You can create a user profile on a Hyatt website to, among other things, facilitate your online transactions, and to tailor your experience on our Websites to your interests. This allows us to make more appropriate recommendations to you. We may use the information you provide in your user profile to populate other databases maintained by us and our service providers, as applicable. By creating a user profile, you are agreeing that we may use the personal information you provide for these purposes.

You can view, update or remove any personal information that you have provided to us for inclusion in your user profile by amending your user profile online or emailing concierge@hyatt.com. If you subsequently elect to remove your user profile, we reserve the right to use any personal information previously provided by you for inclusion in your user profile for record keeping and quality assurance purposes (unless we are required by law to delete or cease to process or use your personal information). Even if you choose not to create a user profile, you can still use our Websites to search for and purchase services.

8.6 Links to Other Websites

If you visit a Hyatt Website and decide, for example, to purchase a gift certificate, make an airline reservation, rent a car, submit award request forms or apply for a job online, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our Websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our Websites. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

8.7 Security

Because the security of your personal information is important to us, we use Secured Socket Layer (“SSL”) software in order to encrypt the personal information that you provide to us. If your browser is SSL enabled (which most are), your transmission of personal information to us online will be encrypted. You can verify whether your personal information is transmitted using SSL encryption by confirming the symbol of a closed lock or solid key on the bottom bar of your browser window. You can also verify that your personal information will be encrypted using TLS encryption by making sure that the prefix for the web address listed for that page has changed from “http” to “https”. If you do not see the appropriate symbol and the "https" prefix, you should not assume that the personal information that you are being asked to provide will be encrypted prior to transmission.

The personal information we collect from you is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the due protection of your rights.

8.8 Minor Children

Our Websites do not sell products or services for purchase by children and we do not knowingly solicit or collect personal information from children. You may only use the Site if you are at least eighteen (18) years of age and can form legally binding contracts under applicable law. The Site is not intended for and should not be used by minors. If you are under the age of eighteen (18) or unable to form legally binding contracts under applicable law, you may contact a hotel directly for assistance.

8.9 Targeted Advertising

Where permitted by law, we may work with other companies to show you advertisements we think you may find relevant and useful. This may include advertisements displayed on our own Websites or Applications, or advertisements from us displayed on other companies' websites. The advertisements you see may be based on information collected by us or third parties and/or may be based on your activities on our Websites or third-party websites.

9. Applications

When you download or register to use one of our Applications, you may submit personal information to us such as your name, address, email address, phone number, date of birth, username, password and other registration information, financial and credit card information, personal description and/or image.

Further, when you use our Application, we may collect certain information automatically, including technical information related to your mobile device, your device's unique identifier, your mobile network information, the type of mobile browser you use and information about the way you use the Application.

Depending on the particular Application you use and only after you have agreed to such collection, we may also collect information stored on your device, including contact information, friends lists, login information (where necessary to allow us to communicate with other applications at your request), photos, videos, location information or other digital content. Further details of the kinds of information we collect is set out in the privacy notice for each individual Application.

10. Choice

You may always choose what personal information (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).

If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. We may also share your personal information with carefully-selected third parties, who may communicate directly with you. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 14 below or following the "unsubscribe" instructions contained in the communications.

If you have an account with our frequent guest program (e.g. World of Hyatt®) we ask you to indicate your communication preferences at the time you apply for membership or when you create your user profile. We may also ask you to indicate how you would like to receive any offers, marketing and promotional information (e.g. via email or regular mail) and whether you would be willing to participate in surveys. Once you have indicated your preferences, you can always change them.

In some jurisdictions, data privacy laws may require us to obtain your consent before we send you information that you have not specifically requested. In certain circumstances, your consent may be implied (e.g. where communications are required in order to fulfil your requests and/or where you have volunteered information for use by us). In other cases, we may seek your consent expressly in accordance with applicable laws (e.g. where the information collected is regarded to be Sensitive Personal Information under local regulations).

We will abide by any request from you not to send you direct marketing materials. When such a request is received, your contact details will be "suppressed" rather than deleted. This will help ensure that your request is recorded and retained unless you provide a later consent that overrides it.

11. How Long Do We Keep Your Information For?

Hyatt possesses and uses personal information for as long as it is necessary to fulfil the purpose of use and collection, and destroys without delay such personal information if the purpose of use has been satisfied. The procedure and method for destruction is as follows:

  • Personal information documented on paper will be shredded or incinerated.
  • Personal information saved in the form of electronic files will be destroyed by technical means making the records non-reproducible.

12. Updating or Accessing Your Personal Information

With some limited exceptions, you may access and update personal information held about you. If you want to inquire about any personal information we may have about you, any information we may have shared, or about the consequences of exercising any of your rights, you can do so by clicking here, or by sending us a written request by letter or email to the addresses set out in Section 14 below. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.

Depending on applicable law, you may request that we anonymize, block, correct, delete, and/or stop or restrict processing or using personal information that we hold about you by clicking here, or by sending a letter or email to the addresses set out in Section 14 below. If we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s).

Depending on applicable law, you may also withdraw your consent, exercise your right to data portability and request that the rules on processing of your personal information are explained by sending a letter or email to the addresses set out in Section 14 below.

If you are unhappy with the way we have handled your request, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@hyatt.com.

13. Changes to this Policy

Just as our business changes constantly, this Policy may also change. To assist you, this Policy has an effective date set out at the end of this document.

14. Request for Access to Personal Information

If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 12 above) to exercise your rights in relation to the personal information that we maintain about you, please click here or contact us by any of the following means:

  • by calling one of the following toll-free reservation numbers located at the Customer Service page on hyatt.com;
  • by mail at Hyatt Hotels & Resorts, Attn: Consumer Affairs, 9805 Q Street, Omaha, NE 68127, United States; or
  • by contacting the front desk at any of our hotels.

If you are not satisfied with the response that you receive, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@hyatt.com.

While this Policy alone does not create contractual rights, Hyatt has ensured compliance with some of its legal obligations in some countries in relation to personal information by creating a set of binding standards and policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those standards or policies through that regulator or a court. If you would like to know more about these standards and policies, please contact Hyatt Hotels & Resorts at the address above or the Chief Privacy Officer at the email address above.

All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email, telephone or any other suitable method.

Effective Date: April 2022