What Does This Notice Cover
This Website Privacy Notice applies only to your use of our website. Our site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. If you do not provide us with your personal data, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or to comply with our legal obligations.
What Personal Data do we collect and how?
Our site collects certain information automatically, including your IP address, the type of browser you are using, and certain other non-personal data about your computer or device such as your operating system type or version, and display resolution. You can remove or reject cookies using your browser or device settings, but in some cases doing so may affect your ability to use our products and services.
We collect the following personally identifiable information about our users: name, e-mail address, corporate web address, telephone number, business address, preferred means of communication, and other information voluntarily provided. This personally identifiable information is typically provided when users register for online services, subscriptions, communications, surveys, or to request information. We also collect information about users regarding web pages accessed, traffic patterns and site usage.
How We Use the Information We Collect About You
We, our service providers and our vendors may use any information collected by users: to operate the Service; to effect users’ transactions; to provide better services, products and opportunities to users; to notify users about services and opportunities that may be of interest to such users; to create and share reports about users’ transactions; and for other marketing purposes. We may also share your personally identifiable information with other third parties, including our business partners in order to continue to provide our services to you and only if business needs require it.
Security and where we store your personal data.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organization. We will continue to revise policies and implement additional security features as new technologies become available.
Personal data security is essential to us, and to protect personal data, we take the following measures:
- limiting access to your personal data to those employees and third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the relevant Supervisory Authority when legally required to do so;
Cookies are information components stored on your hard drive containing information about you. These pieces of information allow the Service to remember important information that will make your use of the Service more useful. You can choose to reject or turn off the cookies through your browser settings. If you reject or turn off the cookies, you may still use the Service.
We use IP addresses to analyze trends, administer the Service, track users’ movements, and gather demographic information.
Email Confidentiality Policy
What Are My Rights?
Under the General Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in the ‘Contact Us’ section.
- The right to access the personal data we hold about you. ‘Contact Us’ below will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in the ‘Contact Us’ section to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
- the right to lodge a complaint with the relevant Supervisory Authority, if you have any cause for complaint about our use of your personal data. We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details in the ‘Contact Us’ section.
Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
Carefully selected companies that provide services for or on behalf of us, such as companies that help us with IT support and website security. These providers are also committed to protecting your information.
Other Parties When Required by Law or as Necessary to Protect Our Services:
For example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security or other issues that are related to public security. We will challenge any such requests that are not valid.
Other Parties in Connection with Corporate Transactions:
We may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy.
Other Parties with Your Consent or at Your Direction:
In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing. If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the relevant Data Protection Legislation.
Retention of your personal data.
We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods (see ‘Contact Us’ below).
Your use of our website may from time to time involve the transfer, storage, and processing of your personal data to other countries outside of the European Economic Area. We will take appropriate measures, in compliance with applicable law, to ensure that your personal data remains protected. Such measures include the use of Standard Contractual Clauses to safeguard the transfer of data outside of the EEA.
As stated in Part 7 above, we may be requested by law, legal process, or court order from governmental authorities to disclose your information. SHR Group also commit that if we are ever compelled by a valid and binding legal request to disclose visitor/customer data, we will disclose only the minimum amount of data necessary to satisfy the request.
SHR Group does not provide services for purchase by children, nor do we market to children. If you are under the age of 18, please do not submit any personal information through our website. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this Privacy Notice by instructing their children never to provide personal information via our website without their guardian’s consent.
Disclosure Required by Law
We cooperate with law enforcement agencies in identifying those who use the Service for illegal activities. Therefore, we respond to subpoenas, warrants or other court orders regarding information concerning any users. We will, at our discretion, disclose information if we believe that we are required to do so by law, that such disclosure is necessary to protect us from legal liability or that we should do so to protect the integrity of the Service.
General Data Protection Regulation (GDPR)
As a leading Hospitality Resource platform and services provider, SHR Group, Strategy Hospitality Resources, has made the security and protection of your data a top priority by using state-of-the-art physical, technological, and procedural security safeguards.
The cornerstone to our platform is a rigorous security system that we—and by extension, you—can trust. We employ multiple safeguards and security protocols that are trusted in the industry with the singular goal of ensuring your data are protected.
We use multiple security measures, such as firewalls, Encryption, IDS/IPS, Physical/Logical security and Regular Security Audits (to name a few) to safeguard the confidentiality of our users’ personally identifiable information. Information we collect about our users is stored on secured servers.
If you should have any questions about the security of the Services or SHR Group environment, please inquire by sending an e-mail to [email protected].
Resolution of Complaints
In compliance with the Privacy Shield principles, SHR Group commits to the resolution of complaints and our collection or use of your Information. We have also committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SHR Group at: [email protected].
SHR Group has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to the unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Correction/Updating Personally Identifiable Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personally identifiable information, or if you no longer desire SHR Group’s services, we will endeavor to provide a way to correct, update or remove the data you provided to us. Please note that any such communication must be in writing by sending an e-mail to [email protected]. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your Consent; Notification of Changes
SHR Group’s full Standard Operating Procedure (SOP) for GDPR can be provided upon request by emailing [email protected].
SHR Group being responsible for the security of cardholder data that it possesses, or otherwise stores, processes, or transmits on behalf of our clients, or to the extent that SHR Group could impact the security of the customer’s cardholder data environment; it will maintain the necessary technical and organizational measures needed to protect the security and availability of any Data created, collected, received or otherwise obtained to provide SHR Group services.
In particular, these technical and organizational measures control access to the premises where Data are Processed (physical access control), access to the IT systems via which Data are Processed (system access control), access to the Data themselves (data access control), the disclosure of the Data to other parties (data transfer control), when and how the Data are entered or modified (entry control), how subcontractors process Data (control of instructions), the availability of the Data (availability control), and the separate processing of the Data from other data, including other personal data (separation control).
All SHR Group client’s user accounts that provide access to cardholder data complies with all the requirements described by the PCI DSS V 3.2.1 guidelines, as well as comply with any future requirements or documents released by the PCI council as it applies to SHR Group and our clients’ environment.
A copy of SHR Group’s Attestation of Compliance (AOC) for PCI-DSS can be provided upon request by emailing [email protected].
Privacy Shield Certification
SHR Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Additionally, SHR Group complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. SHR Group has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield, and to view SHR Group’s certification, please visit https://www.privacyshield.gov.
SHR Group, as the processor of data for our clients/hotels (Processor of data according to GDPR), does collect Personally Identifiable Information (PII) during the room reservation process. However, the PII data collected is not shared with any other organization outside of the specific hotels that have taken the reservation, as they are the owners of the data (controllers of data according to GDPR).
SHR Group’s active membership can be viewed at Privacy Shield Active member list.
Personal Information Protection and Electronic Documents Act (PIPEDA)
SHR Group complies with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). PIPEDA sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act.
SHR Group fully complies with the 10 principles of PIPEDA which are Accountability, Identifying Purposes, Consent, Limiting collection, Limiting Use Disclosure and Retention, Accuracy, Safeguards, Openness, Individual Access, Provide Recourse.
Any questions or concern about SHR Group’s personal information handling practices may be directed to the Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing (via letter or email) and sent to the Privacy Officer at the address;
Houston, TX 77043
Toll Free: +1 800 252 0522
Email address: [email protected]
If the hotel client is dissatisfied with the finding and corresponding action taken by SHR Group’s Privacy Officer, the hotel client may bring a complaint to the Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free +1 800 282 1376
Email: [email protected]
SHR Group’s full Standard Operating Procedure (SOP) for PIPEDA can be provided upon request by emailing [email protected].