GLOBAL PRIVACY POLICY FOR EMPLOYEES

1Introduction
We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current and former employees (“you” or “employees”) for management, human resources and payroll purposes.
As a Hyatt employee (or prospective employee), you understand and acknowledge that we collect, use and disclose your personal information in accordance with this Global Privacy Policy for Employees (this “Policy”).
2The Application of this Policy
This Policy applies to employees’ personal information and to the use of that personal information in any form – whether oral, electronic or written.
This Policy gives effect to Hyatt’s commitment to protect your personal information and has been adopted by all of the separate and distinct legal entities that manage, operate, franchise, own and/or provide services to the various Hyatt hotels and resorts (whether branded Park Hyatt®, Miraval®, Grand Hyatt®, Hyatt Regency®, Hyatt®, Andaz®, Hyatt Centric®, The Unbound Collection by Hyatt, Hyatt Place®, Hyatt House®, Hyatt Ziva, Hyatt Zilara or another brand affiliated with Hyatt) or Hyatt Residence Club® properties around the world (“Hyatt Hotels & Resorts®”). Those entities include Hyatt Hotels Corporation and its direct and indirect subsidiaries, and all of the separate and distinct legal entities that own the individual Hyatt hotels and resorts and Hyatt Residence Club properties worldwide. References to “Hyatt”, “we” and “our” throughout this Policy, depending on the context, collectively refer to those separate and distinct legal entities, including the entity with which you have or may have an employment relationship.
Your personal information will be processed by the entity with which you have or may have an employment relationship with for the purposes set out in Section 4 below. Your personal information may be disclosed to the other entities listed above for human resources administration purposes.
While this Policy is intended to describe the broadest range of our personal information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we adjust our internal policies and/or practices to reflect the requirements of local law.
If you agree to this Policy you are, to the extent required under local law in some jurisdictions, granting your express and written consent to the processing of any personal information that you provide Hyatt that is considered to be Sensitive Personal Information (as described in Section 3) or is considered to be financial information.
3The Types of Personal Information We Process
The term “personal information” in this Policy refers to information that does or is capable of identifying you as an individual. The types of personal information that we process (which may vary by jurisdiction based on applicable law and the nature of the employee’s position and duties) include:
  • name, gender, home address and telephone number, date of birth, image, biometric information, marital status, emergency contacts;
  • residency and work permit status, military status, nationality and passport information;
  • social security or other taxpayer identification number, banking details;
  • sick pay, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependants and beneficiaries);
  • date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended;
  • height, weight and clothing sizes, photograph, physical limitations and special needs;
  • records of work absences, vacation entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing Hyatt policies);
  • where permitted by law and proportionate in view of the function to be carried out by an employee or prospective employee, the results of credit and criminal background checks, the results of drug and alcohol testing, screening, health certifications, driving licence number, vehicle registration and driving history;
  • information required to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g., child support or debt payment information);
  • acknowledgements regarding Hyatt policies, including ethics and/or conflicts of interest policies and computer and other corporate resource usage policies;
  • information captured on security systems, including CCTV and key card entry systems and other security and technology systems, to the extent permitted by applicable law;
  • voicemails, emails, correspondence and other work product and communications created, stored or transmitted by an employee using Hyatt’s computer or communications equipment (although correspondence exchanged using Hyatt’s equipment but using personal addresses is only processed to the extent permitted by applicable law);
  • date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g., references); and
  • any other relevant data that could be necessary to comply with Hyatt’s purposes.
Much of the personal information we process is information that you knowingly provide to us. However, in other instances, we process personal information that we are able to infer about you based on other information you provide to us or during our interactions with you, or personal information about you that we receive from a third party using a process that we have told you about.
There may be instances in which the personal information that you provide to us or we collect is considered Sensitive Personal Information under the privacy laws of some countries. Those laws define “Sensitive Personal Information” to mean personal information from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional association, physical or mental health or condition, genetic data, sexual life or judicial data (including information concerning the commission or alleged commission of a criminal offence). We only process Sensitive Personal Information in your jurisdiction if and to the extent permitted by applicable law.
4How We Use Personal Information
Depending on the respective country and applicable laws, we may collect, use and disclose personal information concerning employees in order to:
  • evaluate applications for employment;
  • manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource-related processes;
  • develop manpower and succession plans;
  • maintain sickness records and occupational health programs;
  • protect the safety and security of Hyatt guests, staff and property (including controlling and facilitating access to and monitoring activity in secured premises and activity using Hyatt computers, communications and other resources);
  • investigate and respond to claims against Hyatt, its staff and its guests;
  • conduct employee opinion surveys and administer employee recognition programs;
  • administer termination of employment and provide and maintain references;
  • maintain emergency contact and beneficiary details (which involves Hyatt holding information on those you nominate in this respect); and
  • comply with applicable laws (e.g., health and safety), including judicial or administrative orders regarding individual employees (e.g., garnishments or child support payments).
There are Closed Circuit Television (CCTV) cameras in operation within and around our hotels and other premises, which, depending on the respective country and applicable laws, may be used for the following purposes:
  • to prevent and detect crime;
  • to protect the health and safety of Hyatt guests and staff;
  • to manage and protect Hyatt’s property and the property of Hyatt’s staff, guests and other visitors; and
  • for quality assurance purposes, to the extent permitted by applicable law.
We may also utilise “Secret Shopper” or “Mystery Guest” programs, to monitor the quality of our customer service.
We may monitor Internet use and communications in accordance with applicable laws and Hyatt’s Acceptable Use Policy for Information Technology Resources and any other acceptable use policies that may replace, amend or supplement that policy from time to time.
We may retain certain personal information of employees after their employment ends for any residual aspects of the purposes set out above. We will only retain such personal information for as long as it is necessary and in all cases for no longer than permitted by Hyatt’s Records Management Policy and applicable law.
Unless otherwise stated, all personal information we request from you is obligatory. If you do not provide and/or allow us to process all obligatory personal information as requested, we will not be able to keep complete information about you, thus affecting our ability to accomplish the purposes set out above
5Disclosures of Your Personal Information
    5.1General
    In order to carry out the purposes outlined above, information about you will be disclosed for the purposes set out above to human resources staff, line managers, consultants, advisers and other appropriate persons in our hotels and offices.
    5.2Our Agents, Service Providers and Suppliers
    Like many businesses, from time to time, we outsource the processing of certain functions and/or information to third parties. Please note that when you apply for a position with us online, you may be transferred to a third party site with whom Hyatt has contracted to process your personal information on our behalf. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, we oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures.
    5.3Business Transfers
    As we continue to develop our business, we may buy or sell hotels and other assets. In such transactions, employee information is generally one of the transferred business assets and we may include your personal information as an asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, employee information may be one of the transferred assets.
    5.4Legal Requirements
    We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal information collected and to process such personal information to comply with accounting, tax rules, regulations and any specific record retention laws.
6Centralized Data Processing Activities
Like most international businesses, we have centralized certain aspects of our data processing and human resources administration in accordance with applicable laws in order to allow us to better manage our business. That centralization may result in the transfer of personal information from one country to another. For example, some personal information concerning you will be transferred to and processed in the United States if you are employed, or are a candidate for employment: (a) by any Hyatt affiliate located outside of the United States; or (b) as an Executive Committee Member, Department Head or other key employee of any of our entities or affiliated hospitality businesses located outside the United States.
If you are being considered for a position with a Hyatt hotel or affiliated hospitality business in a different country, some personal information concerning you will be transferred to the country where the job opening is located. With your consent personal information concerning you may also be transferred to managers and/or human resources staff of Hyatt affiliates in other locations in accordance with applicable laws in order for them to be able to contact you with respect to applying for a different position. The jurisdictions to which the information will be transferred may or may not have laws that seek to preserve the privacy of personal information. However, whenever your personal information is transferred within Hyatt, your personal information will be processed in accordance with the terms and conditions of this Policy and applicable laws.
7Updating or Accessing Your Personal Information
With some limited exceptions, you may inquire about the personal information we maintain about you by sending us a written request by letter or email to the address set out in Section 10 below. Please be sure to include your full name, current (or last) job title and place of employment with Hyatt and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and the personal information we maintain about you. We may not disclose data that you are not entitled to receive under applicable laws (e.g., data revealing information about another individual).
We reserve the right to charge you a fee, if (and to the extent) permitted under applicable law, which is usually around US$20, for processing any such request. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
You may request that we correct, delete or stop processing, personal information that we hold about you on legitimate grounds by sending a letter or email to the address set out in Section 10 below. If we agree that the information is incorrect, or that the processing should be stopped, we will delete or correct the information. If we do not agree that the information is incorrect, we will tell you that we do not agree and record the fact that you consider that information to be incorrect in the relevant file(s).
8Protecting Your Personal Information
The personal information we collect from you is stored by use and/or our service providers on databases protected rough a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuses or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents o the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you, so that you can take the appropriate actions for the due protection of your rights.
9Changes to this Policy
Just as our business changes constantly, this Policy may also change. To assist you, this Policy has an effective date set out at the end of this document.
10Request for Access to Personal Information / Questions or Complaints
If you have any questions about this Policy, about the processing or your personal information as described herein, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 7 above) for access to the personal information that we maintain about you, please contact us by any of the following means:
  • for current employees, by contacting your line manager or your human resources manager; and
  • for applicants and former employees, by contacting Hyatt’s Chief Privacy Officer at privacy@hyatt.com .
For complaints, further escalation at the employee’s option can be made to the relevant Hotel General Manager and finally to Hyatt’s Chief Privacy Officer by sending an email to privacy@hyatt.com.
While this Policy alone does not create contractual rights, Hyatt has ensured compliance with some of its legal obligations in some countries in relation to personal information by creating a set of binding standards and policies (known in some countries as binding corporate rules), approved by a number of national privacy regulators. As a result, depending on your circumstances and location, you may be able to enforce your privacy rights using those standards and policies through that regulator or a court. If you would like to know more about these standards and policies, please contact Hyatt’s Chief Privacy Officer by sending an email to privacy@hyatt.com.
All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email or any other suitable method.

Effective Date: September 2017



In the event of any inconsistencies between the English version of this Policy, and any version of this Policy in any other language, the English version shall prevail (to the fullest extent permitted under applicable law).