PERJANJIAN PERLINDUNGAN DATA PRIBADI PELANGGAN

Karena kami menganggap Anda sebagai tamu yang penting, prioritas utama kami adalah untuk menawarkan kepada Anda pengalaman menginap yang luar biasa di seluruh dunia. Kepuasan penuh dan kepercayaan Anda kepada Accor sangatlah penting bagi kami.
Karena itu, sebagai bagian dari komitmen kami untuk memenuhi harapan Anda, kami telah menerapkan (bahkan jauh sebelum penerapan Peraturan Umum Perlindungan Data (General Regulations on Data Protection - GDPR)) kebijakan perlindungan data pribadi. Perjanjian ini menyatakan komitmen kami kepada Anda dan menjelaskan cara Grup Accor menggunakan data pribadi Anda.

Dalam perjanjian tersebut, "Group Accor" berarti:

1. Accor SA, yakni perusahaan induk Group Accor, yang berkantor pusat di 82 rue Henri Farman, 92130 Issy-les-Moulineaux, Prancis;
2. Anak perusahaan dan perusahaan lain yang berafiliasi dengan Accor SA yang terlibat dalam bisnis perhotelan hotel Grup Accor; dan
3. Hotel di seluruh dunia yang beroperasi di bawah naungan merek Grup Accor (Raffles, Sofitel Legend, Fairmont, SO/, Sofitel, onefinestay, Rixos, MGallery by Sofitel, Pullman, Swissôtel, 25hours Hotels, Novotel, Mercure, Mama Shelter, Adagio, JO&JOE, ibis, ibis Styles, ibis budget, Grand Mercure, The Sebel, dan hotelF1). Daftar merek tersebut diperbarui secara rutin dan dapat dilihat di situs web www.accorhotels.com.

Senang bertemu Anda!
Senang mengetahuinya!
Anda mungkin tidak tahu, namun hotel yang Anda pesan mungkin bukan milik Accor SA atau afiliasinya. Sebagian besar hotel yang beroperasi di bawah naungan salah satu merek Grup Accor sebenarnya menggunakan kontrak waralaba atau "pengelolaan" antara pemilik hotel dan Accor SA (atau salah satu anak perusahaannya di seluruh dunia). Karena itu, jika Anda menginap di salah satu hotel tersebut, data pribadi Anda akan diproses oleh Accor SA dan hotel terkait, masing-masing bertindak sebagai pengendali data dengan tujuan masing-masing. Rangkuman:

• Accor SA memproses data Anda karena bertugas mengelola sistem reservasi pusat yang memungkinkan Accor SA mengumpulkan data yang diperlukan untuk mengatur masa menginap Anda di hotel yang beroperasi di bawah naungan salah satu merek Accor dan menginformasikan data tersebut ke hotel terkait. Accor SA juga mengelola database global tamu yang menginap di hotel yang beroperasi di bawah naungan salah satu merek Accor. Dibantu anak perusahaannya, PRO-FID SAS, Accor SA juga mengelola program loyalitas Le Club Accor;
• Setiap hotel memproses data Anda untuk mengelola hubungan kontraktualnya dengan Anda (penagihan, pembayaran, pengelolaan reservasi, dll.), untuk melaksanakan aktivitas pemasaran kami, dan untuk memenuhi kewajiban hukumnya.

Accor SA telah menginformasikan prinsip-prinsip yang ditetapkan dalam perjanjian ini ke semua hotel yang beroperasi di bawah naungan merek Accor dan masing-masing pemiliknya. Kami akan berupaya sebaik mungkin untuk memastikan semua hotel mematuhi peraturan hukum yang berlaku tentang perlindungan data pribadi serta perjanjian ini.

Sesuai dengan peraturan yang berlaku, terutama Peraturan Umum Perlindungan Data yang diterapkan di Eropa, kami telah menyusun 10 prinsip berikut ini terkait pemrosesan data Anda dalam Grup Accor:

1. Legalitas: kami menggunakan data pribadi hanya jika:
   • kami telah memperoleh persetujuan dari pemilik data, ATAU
   • data pribadi diperlukan untuk pelaksanaan kontrak yang melibatkan pemilik data, ATAU
   • data pribadi diperlukan untuk memenuhi kewajiban hukum, ATAU
   • data pribadi diperlukan untuk menjaga keamanan kepentingan vital pemilik data, ATAU
   • kami memiliki kepentingan hukum dalam penggunaan data pribadi dan penggunaan tersebut tidak akan memengaruhi kebebasan dan kepentingan pemilik data.
2. Loyalitas: kami akan menjelaskan kepada Anda cara kami menggunakan data pribadi yang kami kumpulkan
3. Pembatasan tujuan dan peminimalan data: kami hanya akan mengumpulkan data pribadi yang benar-benar diperlukan. Jika kami dapat mencapai hasil yang sama menggunakan sedikit data pribadi, maka kami akan memastikan untuk hanya menggunakan data tersebut.
4. Transparansi: kami memberi tahu pengguna tentang cara kami menggunakan data mereka.
5. Kami membantu penerapan hak mereka oleh pihak terkait: akses ke data, perbaikan dan penghapusan data, serta penolakan pemrosesan data pribadi.
6. Jangka waktu penyimpanan: kami akan menyimpan data pribadi hanya selama jangka waktu tertentu.
7. Kami memastikan keamanan data pribadi terkait integritas dan kerahasiaannya.
8. Jika pihak ketiga perlu menggunakan data pribadi, kami akan memastikan mereka dapat melindungi keamanannya.
9. Jika data pribadi harus dikirim ke luar Uni Eropa, kami akan memastikan pengiriman tersebut sesuai dengan ketentuan yurisdiksi yang tepat.
10. Jika data pribadi terganggu (hilang, dicuri, rusak, tidak tersedia...), kami akan memberitahukan pelanggaran tersebut kepada lembaga perlindungan data yang kompeten di negara terkait serta pemilik data, jika pelanggaran tersebut memiliki kemungkinan akan menimbulkan risiko besar terhadap hak dan kebebasan subyek yang bersangkutan.

Jika Anda memiliki pertanyaan tentang 10 prinsip perlindungan data Accor, silakan menghubungi layanan Perlindungan Data Pribadi, yang rincian kontaknya tercantum dalam klausul "Hak Anda".

Dalam berbagai kesempatan, kami dapat meminta informasi tentang Anda atau teman menginap Anda, terutama:

• o Rincian kontak (misalnya, nama belakang, nama depan, nomor telepon, email);
• Informasi pribadi (misalnya, tanggal lahir dan kebangsaan);
• Informasi yang terkait dengan anak Anda (misalnya nama depan, tanggal lahir, usia);
• Nomor kartu kredit Anda (untuk keperluan transaksi dan reservasi);
• Informasi pada bukti identitas (misalnya, KTP, paspor, atau SIM);
• Nomor anggota program loyalitas Accor Anda atau program mitra lainnya (misalnya program loyalitas maskapai penerbangan) dan informasi mengenai aktivitas Anda di dalam program loyalitas;
• Tanggal kedatangan dan keberangkatan Anda;
• Preferensi dan minat Anda (misalnya, kamar merokok atau tidak merokok, pilihan lantai, jenis tempat tidur, jenis koran/majalah, olah raga, minat budaya, preferensi makanan dan minuman, dll.);
• Pertanyaan dan komentar Anda, selama atau setelah menginap di salah satu hotel yang berada di bawah naungan merek Accor;
• Informasi teknis dan lokasi yang dihasilkan terkait penggunaan situs web dan aplikasi kami.

Informasi yang dikumpulkan terkait dengan orang yang berusia di bawah 16 tahun terbatas pada nama, kebangsaan, dan tanggal lahir, yang hanya dapat diberikan kepada kami oleh orang dewasa. Kami akan sangat berterima kasih apabila Anda dapat memastikan bahwa anak Anda tidak mengirimkan data pribadi apa pun kepada kami tanpa persetujuan Anda (khususnya melalui Internet). Jika pengiriman data pribadi tersebut terjadi, Anda dapat menghubungi Departemen Perlindungan Data Pribadi (lihat klausul "Hak Anda" di bawah ini) untuk menghapus informasi tersebut.
Agar dapat memenuhi permintaan Anda atau memberi Anda layanan yang spesifik (misalnya, diet tertentu), kami mungkin harus meminta informasi sensitif, misalnya yang terkait dengan ras atau etnis, pendapat politik, kepercayaan religius dan filosofi, keanggotaan serikat, atau rincian mengenai kesehatan atau orientasi seksual. Dalam kasus tersebut, kami akan mengumpulkan data ini hanya setelah Anda menyetujuinya.

Data pribadi dapat dikumpulkan dalam berbagai kesempatan, terutama:

1. Aktivitas di hotel:
   • Reservasi kamar;
   • >Check-in dan pembayaran;
   • Menginap di hotel dan layanan yang berikan selama menginap;
   • Makan/minum di bar atau restoran hotel pada saat menginap;
   • Permintaan, keluhan, dan/atau sengketa.
2. Partisipasi dalam program atau acara pemasaran:
   • Mendaftarkan diri untuk program loyalitas;
   • Partisipasi dalam survei kepuasan (contohnya, Survei Kepuasan Tamu);
   • Game atau kompetisi online;
   • Berlangganan buletin, untuk menerima penawaran dan promosi melalui email.
3. Pengiriman informasi dari pihak ketiga:
   • Operator tur, agen/biro perjalanan (online atau offline), sistem reservasi GDS dan lainnya;
4. Aktivitas Internet:
   • Sambungan ke situs Accor (alamat IP, cookies yang sesuai dengan kebijakan kami tentang penggunaan pelacak);
   • Formulir online (reservasi online, kuesioner, halaman Accor di jejaring sosial, perangkat log-in menggunakan kredensial jejaring sosial seperti Facebook, percakapan dengan agen layanan tamu atau "chatbot", dll.).

Tabel di bawah ini menunjukkan tujuan kami memproses data Anda, dasar hukum pemrosesan tersebut, dan jangka waktu penyimpanan terkait:

Tujuan/Aktivitas	Dasar hukum pemrosesan, termasuk kepentingan hukumnya	Jangka waktu penyimpanan
Memenuhi kewajiban kami kepada klien.	Pemrosesan diperlukan untuk pelaksanaan kontrak yang melibatkan Anda. Pemrosesan diperlukan untuk memenuhi kewajiban hukum. Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas bisnis kami serta memberi Anda produk dan layanan yang diminta.	10 tahun sejak reservasi sesuai dengan kewajiban hukum.
Mengelola permintaan reservasi kamar dan akomodasi, terutama dalam membuat dan menyimpan dokumen hukum sesuai dengan standar akuntansi.
Mengelola kunjungan Anda di hotel: Mengelola akses ke kamar-kamar Memonitor penggunaan layanan oleh Anda (telepon, bar, TV berbayar, dll.).	Pemrosesan diperlukan untuk pelaksanaan kontrak yang melibatkan Anda. Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas bisnis kami serta memberi Anda produk dan layanan yang diminta.	Selama Anda menginap.
Mengelola relasi kami dengan klien sebelum, selama, dan sesudah Anda menginap: Mengelola program loyalitas Memasukkan rincian kepada database tamu Analisa segmentasi didasarkan pada riwayat reservasi dan pilihan perjalanan klien dengan tujuan untuk mengirimkan komunikasi bertarget, sesuai persyaratan dalam Petunjuk ePrivacy Uni Eropa (2002/58/CE sebagaimana dimodifikasi pada tahun 2009) Memprediksi dan mengantisipasi perilaku tamu yang akan datang Membuat statistik dan penilaian komersial, dan melaksanakan pelaporan Memberikan data kontekstual ke alat bantu pemasaran. Tindakan ini dilakukan ketika tamu sedang mengunjungi situs laman Grup atau telah melakukan reservasi Mengetahui dan mengelola preferensi dari tamu baru atau tamu yang sudah menjadi pelanggan tetap Mengirimi Anda buletin, promosi, dan penawaran pariwisata, hotel, atau layanan, atau penawaran dari mitra Accor SA, atau menghubungi Anda melalui telepon, sesuai persyaratan dalam Petunjuk ePrivacy Uni Eropa (2002/58/CE sebagaimana dimodifikasi pada tahun 2009).	Pemrosesan diperlukan untuk melaksanakan kontrak yang melibatkan Anda dan mengelola keanggotaan program loyalitas Anda. Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mempromosikan layanan kami, melaksanakan tindakan pemasaran (dengan memperhitungkan hubungan komersial Anda dengan salah satu entitas Grup Accor), dan meningkatkan layanan kami.	Jika Anda bukan anggota program loyalitas, 3 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun. Jika Anda merupakan anggota program loyalitas, 6 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun.
Meningkatkan layanan hotel kami, khususnya: Mempersonalisasi penyambutan Anda saat check-in di hotel, serta meningkatkan kualitas layanan dan pengalaman tamu Pemrosesan data pribadi Anda dalam program pemasaran klien kami untuk melaksanakan operasi pemasaran, mempromosikan merek, serta mendapatkan pemahaman yang lebih baik mengenai permintaan dan harapan Anda Menyesuaikan produk dan layanan kami agar dapat memenuhi permintaan Anda dengan lebih baik Menyesuaikan penawaran komersial dan pesan promosi yang kami kirimkan kepada Anda Menginformasikan kepada Anda mengenai penawaran khusus dan setiap layanan baru yang dibuat oleh Accor SA atau salah satu anak perusahaannya atau salah satu mitranya.	Pemrosesan diperlukan untuk melaksanakan kontrak yang melibatkan Anda dan mengelola keanggotaan program loyalitas Anda. Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mempromosikan layanan kami, melaksanakan tindakan pemasaran (dengan memperhitungkan hubungan komersial Anda dengan salah satu entitas Grup Accor), dan meningkatkan layanan kami.	Jika Anda bukan anggota program loyalitas, 3 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun.
Menggunakan pihak ketiga yang tepercaya untuk memeriksa, menganalisis, dan menggabungkan data Anda yang telah dikumpulkan pada saat reservasi atau pada saat Anda menginap, untuk menentukan minat dan mengembangkan profil Anda, serta memungkinkan kami untuk mengirimkan penawaran yang dipersonalisasi.	Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mempromosikan layanan kami, melaksanakan tindakan pemasaran (dengan memperhitungkan hubungan komersial Anda dengan salah satu entitas Grup Accor), dan meningkatkan layanan kami.	Jika Anda bukan anggota program loyalitas, 3 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun. Jika Anda merupakan anggota program loyalitas, 6 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun.
Meningkatkan layanan Accor SA, khususnya: Melakukan survei dan analisis kuesioner dan komentar tamu Mengelola klaim/keluhan Menawarkan kepada Anda manfaat program loyalitas.	Pemrosesan diperlukan untuk melaksanakan kontrak yang melibatkan Anda dan mengelola keanggotaan program loyalitas Anda. Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mempromosikan layanan kami, melaksanakan tindakan pemasaran (dengan memperhitungkan hubungan komersial Anda dengan salah satu entitas Grup Accor), dan meningkatkan layanan kami.	Jika Anda bukan anggota program loyalitas, 3 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun. Jika Anda merupakan anggota program loyalitas, 6 tahun sejak tanggal Anda terakhir kali berinteraksi dengan kami, dalam cara apa pun. 6 tahun sejak tanggal penutupan berkas klaim atau keluhan Anda.
Mengamankan dan meningkatkan penggunaan situs laman, aplikasi, dan layanan Accor SA lainnya, khususnya: Meningkatkan navigasi Bantuan dan pemeliharaan, serta Mengimplementasikan tindakan keamanan dan pencegahan penipuan.	Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas bisnis kami serta melaksanakan layanan TI, administrasi, dan keamanan jaringan untuk mencegah penipuan.	13 bulan sejak pengumpulan informasi.
Pengelolaan internal daftar tamu yang telah berlaku tidak sopan selama menginap di hotel (agresif, antisosial, tidak mematuhi kontrak hotel, tidak mematuhi peraturan keamanan, melakukan pencurian, perusakan dan vandalisme, atau insiden dalam pembayaran).	Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas kami serta melaksanakan layanan TI, administrasi, dan keamanan jaringan untuk mencegah penipuan.	Maksimum 122 hari sejak pemberkasan kejadian.
Mengamankan transaksi pembayaran dengan menentukan tingkat risiko penipuan yang terkait dengan setiap transaksi. Dalam kasus tersebut, Accor SA dan semua hotelnya dapat menggunakan layanan pencegahan risiko yang disediakan oleh penyedia Grup Accor untuk menyempurnakan analisis mereka. Berdasarkan hasil analisis yang dilakukan, Grup Accor dapat mengambil tindakan pengamanan, terutama dengan meminta tamu menggunakan saluran reservasi atau bentuk pembayaran lain. Tindakan pengamanan tersebut dapat menimbulkan penangguhan pelaksanaan reservasi atau, jika hasil analisis tidak menjamin keamanan reservasi, pembatalan reservasi. Penggunaan cara pembayaran menipu yang menimbulkan pembayaran gagal dapat membuat tamu dimasukkan dalam berkas insiden Grup Accor, yang dapat menyebabkan Grup Accor memblokir pembayaran berikutnya atau tidak melaksanakan kontrol tambahan.	Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas kami dan mencegah risiko penipuan.	90 hari untuk analisis dan kontrol, kemudian 2 tahun di database terpisah untuk tujuan peningkatan sistem. Jika insiden diberkaskan, 2 tahun sejak pemberkasan atau hingga masalah diperbaiki jika perbaikan dilakukan sebelum pemberkasan.
Mengamankan barang dan orang serta menyelesaikan utang yang belum lunas. Untuk hal ini, beberapa hotel memiliki fitur yang memungkinkan mereka memasukkan ke dalam kategori tamu "tidak kooperatif", semua tamu dengan perilaku tidak patut yang terkait dengan kategori berikut ini: agresif dan perilaku antisosial, tidak mematuhi kontrak hotel, tidak mematuhi peraturan keamanan, pencurian, perusakan dan vandalisme, atau insiden pembayaran. Status "tidak kooperatif" dapat membuat hotel yang memasukkan kategori tersebut mengirimkan penolakan reservasi kepada tamu bila tamu tersebut kembali melakukan reservasi di hotel yang sama.	Pemrosesan diperlukan untuk memenuhi kepentingan sah kami dalam mengelola aktivitas kami, mengamankan barang dan orang, serta menyelesaikan utang yang belum lunas.	122 hari terhitung sejak pemberkasan.
Menggunakan layanan yang diperlukan untuk mencari identitas orang yang menginap di hotel Grup Accor jika terjadi peristiwa serius yang berdampak pada hotel yang terkait (bencana alam, serangan teroris, dll.).	Pemrosesan diperlukan untuk melindungi kepentingan vital tamu.	Selama peristiwa terjadi.
Mematuhi semua peraturan yang berlaku (misalnya, penyimpanan dokumen akuntansi), termasuk: Mengelola permintaan untuk berhenti berlangganan buletin, promosi, penawaran pariwisata, dan survei kepuasan Mengelola permintaan subjek data untuk melindungi data pribadi mereka.	Pemrosesan diperlukan untuk memenuhi kewajiban hukum.	Selama jangka waktu yang ditetapkan dalam peraturan setempat yang berlaku.

Grup Accor beroperasi di berbagai negara, dan kami berusaha untuk menyediakan layanan yang sama di seluruh dunia. Karena itu, kami harus memberikan data pribadi Anda kepada pihak internal dan eksternal, dengan ketentuan berikut ini:
Secara khusus, data yang terkait dengan masa menginap, preferensi, kepuasan, dan, bila berlaku, program loyalitas Anda dapat diakses oleh semua hotel yang beroperasi di bawah naungan merek Grup Accor. Data tersebut digunakan untuk meningkatkan kualitas layanan dan pengalaman di setiap hotel tersebut. Dalam hal ini, data Anda akan diproses bersama-sama oleh Accor S.A dan hotel-hotelnya. Untuk memenuhi kepentingan hukum ini sekaligus mempertahankan hak dan kebebasan Anda, kewajiban serta tanggung jawab Accor SA dan setiap hotel telah diterjemahkan dalam kontrak khusus tentang tanggung jawab bersama. Kapan pun Anda dapat menolak akses bersama ke informasi ini oleh hotel dan Accor SA dengan menghubungi Departemen Perlindungan Data Pribadi yang rincian kontaknya terdapat dalam klausul "Hak Anda". Anda juga dapat meminta pernyataan baris utama kontrak tanggung jawab bersama.

1. Kami memberikan data Anda kepada pihak dan layanan berwenang tertentu dalam Grup Accor, agar dapat memberi Anda pengalaman terbaik di hotel kami. Berikut pihak yang dapat mengakses data Anda:
   • Staf hotel;
   • Staf reservasi yang menggunakan perangkat reservasi Accor;
   • Departemen TI;
   • Mitra komersial dan layanan pemasaran;
   • Layanan medis jika sesuai;
   • Umumnya, setiap orang di dalam entitas Grup Accor yang pantas untuk kategori data pribadi tertentu.
2. Kepada penyedia layanan dan mitra: data pribadi Anda mungkin dikirim ke pihak ketiga dengan tujuan memberikan layanan kepada Anda dan meningkatkan pengalaman menginap Anda, terutama:
   • Penyedia layanan eksternal: Subkontraktor TI, pusat panggilan internasional, bank, penerbit kartu kredit, pengacara eksternal, operator, printer.
   • Mitra komersial: Accor SA dapat, kecuali Anda menyatakan lain kepada Departemen Perlindungan Data Pribadi, meningkatkan profil Anda dengan memberikan informasi pribadi tertentu kepada mitra komersial yang dipilih. Dalam hal ini, pihak ketiga yang tepercaya dapat melakukan pemeriksaan silang, menganalisis, dan menerapkan perangkat tertentu pada data Anda. Pemrosesan data ini akan mengizinkan Accor SA dan mitra kontraktual yang dipilih untuk menentukan minat dan profil tamu Anda, dan akan mengizinkan kami untuk mengirimkan penawaran pribadi kepada Anda.
   • Situs jejaring sosial: Untuk memudahkan Anda mengidentifikasi diri di situs web Accor tanpa perlu mengisi formulir pendaftaran, Accor SA menggunakan sistem sambungan ke jejaring sosial. Jika Anda membuka situs kami menggunakan sistem ini, berarti Anda secara tegas mengautorisasi Accor SA untuk mengakses data publik akun Anda di jejaring sosial terkait (misal: Facebook, LinkedIn, Google, Instagram ...), serta data lainnya yang disebutkan saat Anda menggunakan log-in jejaring sosial ini. Accor SA juga dapat dengan aman mengirimkan alamat email Anda ke jejaring sosial guna mengetahui apakah Anda telah menjadi pengguna salah satu jejaring sosial tersebut untuk, jika perlu, menampilkan iklan yang disesuaikan dan relevan di akun jejaring sosial Anda.
3. Pihak berwenang setempat: kami mungkin juga diwajibkan untuk mengirimkan informasi Anda kepada pihak berwenang setempat apabila diminta oleh undang-undang atau sebagai bagian dari pemeriksaan dan sesuai dengan peraturan perundang-undangan setempat.

Untuk tujuan sebagaimana disebutkan dalam klausul 6 perjanjian ini, kami dapat mengirimkan data pribadi Anda kepada penerima internal atau eksternal yang mungkin berada di negara yang memberikan tingkat perlindungan data pribadi yang berbeda.
Sebagai akibatnya, selain untuk mengimplementasikan perjanjian ini, Accor akan melakukan upaya yang tepat untuk memastikan keamanan pengiriman data pribadi Anda ke entitas Accor atau ke penerima eksternal yang berlokasi di negara yang memiliki tingkat privasi yang berbeda dari negara tempat data pribadi dikumpulkan. Data Anda mungkin dikirim, khususnya sebagai bagian dari proses reservasi, ke hotel-hotel Accor yang berlokasi di luar Uni Eropa, khususnya di negara-negara berikut ini: Afrika Selatan, Aljazair, Andorra, Angola, Arab Saudi, Argentina, Australia, Bahrain, Benin, Myanmar, Brasil, Kamboja, Kamerun, Kanada, Cile, Tiongkok, Kolombia, Korea Selatan, Pantai Gading, Kuba, Mesir, Uni Emirat Arab, Ekuador, Amerika Serikat, Fiji, Ghana, Guatemala, Guinea Ekuatorial, India, Indonesia, Israel, Jepang, Yordania, Kuwait, Laos, Lebanon, Madagaskar, Malaysia, Maroko, Mauritius, Meksiko, Monako, Nigeria, Selandia Baru, Oman, Uzbekistan, Panama, Paraguay, Peru, Filipina, Qatar, Republik Demokratik Kongo, Republik Dominika, Rusia, Senegal, Singapura, Swiss, Chad, Thailand, Togo, Tunisia, Turkimenistan, Turki, Ukraina, Uruguay, Vietnam, Yaman, Taiwan.
Selain data yang diperlukan untuk melakukan reservasi Anda, aliran data ke negara-negara dengan tingkat perlindungan data pribadi yang berbeda diatur oleh klausul kontraktual standar sebagaimana ditetapkan oleh Komisi Eropa.

Accor SA melakukan upaya-upaya teknis dan organisasi sesuai dengan ketentuan hukum yang berlaku (terutama klausul 32 dalam GDPR), untuk melindungi data pribadi Anda dari penghancuran, kehilangan atau pengubahan, penyalahgunaan dan akses tidak sah, modifikasi atau pengungkapan, baik yang dilakukan secara melanggar hukum atau tidak disengaja. Sampai saat ini, kami telah melakukan upaya-upaya teknis (seperti firewall) dan upaya organisasi (seperti ID pengguna/sistem kata sandi, cara perlindungan fisik, dll.) untuk memastikan kerahasiaan, integritas, ketersediaan, serta ketahanan sistem dan layanan pemrosesan. Pada saat Anda memasukkan data kartu kredit ketika melakukan reservasi, teknologi enkripsi SSL (Secure Socket Layer) digunakan untuk menjamin keamanan transaksi. Upaya organisasi memastikan keamanan pemrosesan.

Accor SA menggunakan cookie dan pelacak lainnya di situs web. Untuk mengetahui selengkapnya tentang penggunaan pelacak tersebut oleh Accor dan cara mengonfigurasinya, lihat kebijakan kami tentang pelacak melalui link "Cookies" di bagian bawah halaman situs kami.

Anda berhak untuk mendapatkan informasi dan mengakses data pribadi Anda yang dikumpulkan oleh Accor SA, sesuai dengan ketentuan peraturan hukum yang berlaku.
Anda juga berhak untuk meminta data Anda diperbaiki, dihapus, atau dibatasi. Selain itu, Anda memiliki hak atas portabilitas data Anda dan hak untuk menetapkan instruksi pemrosesan data setelah Anda meninggal (atau selama mungkin). Anda juga dapat menolak pemrosesan data Anda, terutama menolak penggunaan bersama data tentang masa menginap, preferensi, dan kepuasan Anda oleh semua hotel Grup Accor.
Jika Anda ingin menggunakan hak Anda, silakan langsung menghubungi departemen yang menangani data pribadi untuk Grup Accor dengan mengirim email ke data.privacy@accor.com atau dengan mengirimkan surat ke alamat berikut: Accor
Département Protection des Données Personnelles
(Data Privacy Department)
82, rue Henri Farman – ACC 1208
CS 20077
92445 Issy-les-Moulineaux, FRANCE Untuk keperluan kerahasiaan dan perlindungan data, kami perlu mengidentifikasi Anda untuk menanggapi permintaan Anda. Untuk alasan ini, jika terdapat keraguan atas identitas Anda, Anda akan diminta untuk menyertakan salinan bukti identifikasi resmi tertentu, seperti KTP atau paspor, dengan permintaan Anda. Anda dapat menyertakan salinan hitam-putih bagian depan salah satu dokumen tersebut.
Semua permintaan akan ditanggapi sesegera mungkin dan sesuai dengan ketentuan hukum yang berlaku.
Anda juga dapat menggunakan hak Anda berkaitan dengan data pribadi yang disimpan dan diproses oleh hotel yang bertanggung jawab atas pemrosesan. Untuk melakukannya, Anda harus menghubungi langsung hotel terkait. Anda akan menemukan semua informasi yang diperlukan untuk menghubungi hotel di situs web www.accorhotels.com. Sebagai pelengkap, harap kirimkan email ke Departemen Perlindungan Data Pribadi di data.privacy@accor.com atau surat ke alamat pos yang tercantum di atas.
Terakhir, Anda dapat mengajukan klaim ke autoritas pengawas dan Anda dapat menghubungi pejabat perlindungan data Accor dengan mengirim email ke accorhotels.dpo(at)accor.com atau mengirim surat ke alamat pos yang tercantum di atas.
Jika Anda berada di Australia atau Selandia Baru dan ingin mengajukan keluhan tentang cara kami mengumpulkan, menggunakan, atau mengungkapkan data pribadi, Anda juga dapat mengirim email ke privacy.au@accor.com.

Kami dapat mengubah perjanjian ini secara berkala. Karena itu, kami menyarankan Anda untuk melihatnya secara rutin, khususnya ketika melakukan reservasi di salah satu hotel kami.

Jika Anda memiliki pertanyaan tentang kebijakan data pribadi dalam Grup Accor, silakan menghubungi Departemen Perlindungan Data Pribadi (lihat klausul "Hak Anda").

Accor SA is established in France and as such its data processing activities first have to be compliant with the European General Data Protection Regulation (“GDPR”). But in addition to the GDPR, there are other laws and regulations which, depending on your specific situation, may also govern the use of your personal data. You will find below additional information that may apply to you. 

 

14.1. Privacy Notice for California residents

This “Privacy Policy for California residents” is part of the Accor SA “Customer Personal Data Protection Charter” and should therefore be read in conjunction with it. 

The California Consumer Privacy Act 2018 (“CCPA”) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information.

The CCPA defines “Personal Information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. In the context of this “Privacy Policy for California residents” section, the term “Personal Information” will refer to this information.

Accor SA may collect the categories of Personal Information as described in section 4. What personal data is collected? of our Customer Personal Data Protection Charter. 

If you would like more details about when your Personal Information is collected, what purposes it is collected for and how long we retain it, please see sections below of our Customer Personal Data Protection Charter:

5. When is your personal data collected? 

6. What purposes is your data collected for and how long do we retain it? 

 

In addition to the purposes set forth in our Customer Personal Data Protection Charter, we currently collect and have collected and “sold” (see section “Do Not Sell” below) Personal Information for the following business or commercial purposes:

·       Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards

·       Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity

·       Debugging to identify and repair errors that impair existing intended functionality

·       Performing services, including maintaining or servicing accounts, providing customer service, processing reservations, verifying customer information, processing payments, providing advertising or marketing services, or providing analytic services

·       Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance same

·       Commercial purposes, such as by inducing another person to buy, join, subscribe to, provide, or exchange property or information, or enabling or effecting, directly or indirectly, a commercial transaction 

 

We may share your Personal Information with internal and external recipients subject to the conditions set forth in section 7. Conditions of third-party access to your personal data of our Customer Personal Data Protection Charter. The categories of third parties to whom your Personal Information may be disclosed or “sold” (see section “Do Not Sell” below) on a need-to-know basis are:

·       Service Providers: external Service Providers;

·       Other Third Parties: appropriate persons within hotels and Accor Group entities; commercial partners; social networking sites; local authorities (if and as legally required).

 

We do not knowingly “sell” (see section “Do Not Sell” below) the Personal Information of minors under 16 years of age. For more information on data collected in relation to persons under 16 years of age and to arrange for this information to be deleted, see section 4. What personal data is collected? of our Customer Personal Data Protection Charter.

 

RIGHT TO KNOW ABOUT PERSONAL INFORMATION

As a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request, and more specifically the following:

·       The categories of Personal Information we have collected about you;

·       The categories of sources from which the Personal Information was collected;

·       The business or commercial purpose for collecting Personal Information, and if applicable, for “selling” Personal Information;

·       The categories of Personal Information that we “sold” (if applicable) or disclosed for a business purpose;

·       The categories of third parties to whom we have “sold” (if applicable) or disclosed Personal Information; and

·       The specific pieces of Personal Information we have collected about you.

 

RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

As a California resident and subject to certain exemptions, you have the right to request the deletion of your Personal Information that we collect.

 

HOW TO SUBMIT A REQUEST TO KNOW OR TO DELETE

You may submit a request to know or to delete:

• by sending an email to data.privacy@accor.com
• by contacting us at 877 856 1464 (toll free), or
• by writing to the address below:

Accor SA

Département Protection des Données Personnelles (Data Privacy Department)

82, rue Henri Farman - ACC 1208

CS 20077

92445 Issy-les-Moulineaux – France

When you submit your request, we will need to verify your identity pursuant to regulations adopted by the Attorney General and ask you to provide sufficient information in order to allow us to reasonably verify you are the person about whom we have collected information.

 

As part of our verification method, we will seek to verify the information in your request with the Personal Information we maintain about you. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure or deletion as applicable. In addition, you may be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

We will respond to your request to know or to delete within 45 days, unless additional time is needed, in which case we will let you know.

 

AUTHORIZED AGENTS

The CCPA allows California residents to designate an authorized agent to exercise their rights. If you submit a request via an authorized agent acting on your behalf, we will require this authorized agent to provide proof that you gave the agent signed permission to submit the request.

“DO NOT SELL MY PERSONAL INFORMATION”: RIGHT TO OPT-OUT OF THE SALE OF PERSONAL INFORMATION

Under the CCPA, the disclosure of Personal Information to a third party for monetary or other consideration of value can be considered as a "sale", the term “sale” being broadly defined.

The CCPA defines a “sale” as selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.

The CCPA gives residents of California the right to opt out of the "sale" of their Personal Information.

We do not “sell” customers’ personal data in the strictest sense of the term. However, we offer Californian residents the opportunity to exercise this right, should one of our business practices be considered a “sale” within the meaning of the CCPA.

To opt-out of our use of third-party advertising cookies, see the “COOKIES” section below.  

You may submit a request to opt-out of the sale of your Personal Information:

• by using this form Do Not Sell My Personal Information  
• by sending an email to data.privacy@accor.com,
• by contacting us at 877 856 1464 (toll free),
• by writing to the address below:

Accor SA

Département Protection des Données Personnelles (Data Privacy Department)

82, rue Henri Farman - ACC 1208

CS 20077

92445 Issy-les-Moulineaux – France

 

COOKIES

On the Accor websites, Accor and its partners store or retrieve information on your device in order to: operate the websites and provide you with the services you request (these cannot be rejected), enhance and customize website functionalities, measure website audience and performance, profile your interests to provide you with relevant advertising and allow you to interact with social networks.

You can modify your choices at any time by clicking on the "Cookies" link at the bottom of the respective website.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the websites do not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

 

FINANCIAL INCENTIVES AND NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights.

Unless permitted by the CCPA, we will not:

·       Deny you goods or services;

·       Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;

·       Provide you a different level or quality of goods or services;

·       Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, as permitted by and in compliance with the CCPA, we may offer you certain financial incentives that can result in a different price, rate, level, or quality of services. Any financial incentive we offer will be reasonably related to the value of your Personal Information and your participation will be subject to any applicable terms. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

 

SHINE THE LIGHT LAW

If you are a California resident, California Civil Code § 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes (as those terms are defined in that statute).

This information is as follows: in accordance with European regulations, we will only disclose your personal information to third parties for the third parties’ direct marketing purposes with your express prior consent and a prior information on the third parties your information will be disclosed to.

 

14.2 Your U.S. State Privacy Rights and Additional Disclosures

Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Privacy Notice for California residents” section above. For other state residents, your privacy rights may include (if applicable):

·       The right to confirm whether or not we are processing your personal data and to access such personal data and the categories of personal data we are processing or have processed;

·       The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;

·       The right, at our option, to obtain a list of specific third parties, other than natural persons, to which we have disclosed your personal data or any personal data;

·       The right to delete personal data that we collected from and/or about you, subject to certain exceptions;

·       The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;

·       The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;

·       If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and

·       The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

We use cookies to display advertisements about our products to you on non-affiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies. We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request through:

• our interactive webform available here
• by sending an email to data.privacy@accor.com
• by contacting us at 877 856 1464 (toll free)
• by writing to the address below:

 Accor SA

Département Protection des Données Personnelles (Data Privacy Department)

82, rue Henri Farman - ACC 1208

CS 20077

92445 Issy-les-Moulineaux – France

If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision by using our interactive webform available here (“other request”), sending an email to data.privacy@accor.com or by calling us at 877 856 1464. If you would like to opt out of targeted advertising, you may alter your cookie preferences here.

 

14.3 Privacy Notice for Chinese residents

 

14.3.1 Introduction

This Privacy Notice for China is part of the Accor SA "Customer Personal Data Protection Charter" and should be read in conjunction with it. This notice is made pursuant to the Personal Information Protection Law of the People's Republic of China (" PIPL") and applies to our personal information processing activities:

·       in the People's Republic of China (which, for the purposes of this notice only, excludes the Hong Kong SAR, Macau SAR and Taiwan China) ("China"); and

·       outside China for the purposes of providing products and services to people in China.

 

For the above personal information processing activities, if there is any inconsistency between this Privacy Notice for China and the above Customer Personal Data Protection Charter, this Privacy Notice for China prevails.

 

14.3.2 Collection, Use and Retention of Personal Information

The PIPL defines "Personal Information" as any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, excluding information that has been anonymized. Processing activities include the collection, storage, use, processing, transmission, provision, disclosure, and deletion of personal information.

 

To learn more about how we collect, use, and retain your personal information, please refer to the Section 4 (WHAT PERSONAL DATA IS COLLECTED), Section 5 (WHEN IS YOUR PERSONAL DATA COLLECTED), and Section 6 (WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT) in the Customer Personal Data Protection Charter.

For a breakdown of the specific personal information we collect under each business scenario, please see the details below. Any sensitive personal information under PIPL involved will be highlighted in bold and underlined for your attention. We will implement strict protective measures to ensure the security of sensitive personal information and will not cause any significant impact on your personal rights and interests. If you provide personal information that is not your own, you must ensure that you have obtained the individual's consent.

 

(1) Hotel Activities

a. Hotel Reservation

To verify customer identity, confirm reservations, and communicate with you when necessary, we collect the following personal information: your name, mobile number, email address, country or region, and reservation details (hotel name/address, check-in/check-out dates, room type/rate, and number of guests). For certain reservations requiring advance payment as a guarantee, we also collect your payment card information to complete the booking.

Additionally, if you inform us that a minor will be staying with you, we will collect the minor’s age to provide child-related services.

b. Hotel Stay

To provide you with hotel accommodation services, including check-in, membership points calculation based on your stay and expenses, check-out, communication during your stay, and requested services, we collect your name, accommodation details, email address, contact address, payment card information, transaction and consumption records.

We may also send a guest satisfaction survey to your email or through other means. If you choose to participate, we will collect information about your country and gender to better understand your feedback.

(2) Loyalty Program

To create your membership account for the Accor Loyalty Program and communicate with you regarding related information, you are required to provide at least your name, title, email address, phone number, country or region, and membership account password (if registering through the "Accor Live Limitless" WeChat mini-program, no password is required, and login is done via SMS verification code). Additionally, we need to collect your accommodation information, transaction and consumption records to track your membership stay history and calculate loyalty points and other entitlements.

In addition to the necessary personal information listed above, you may choose to provide additional information in your member account to access extended features or optimized services. Specifically, you may choose to provide your date of birth to receive birthday benefits; you may choose to provide your contact address to receive member gifts or other privileges; you may choose to provide payment card information to use the quick payment feature; and you may choose to include your professional information (such as company identification, work phone number, email, and address) to access services related to your company.

You may also choose to provide us with (or we may proactively record) your preferences (such as smoking or non-smoking room, preferred floor, bed type, preferred newspapers/magazines, sports/cultural interests, dietary preferences, etc.) to meet your personalized service needs. You can update your preferences by visiting the Accor website and accessing your personal account under "Overview" – "Stay Preferences."

(3) Others

a. Marketing Activities

With your consent, we may use the email address and phone number you provided to send you marketing information and news about our products, services, or promotional activities. You can opt-out of these marketing communications at any time.

b. Statistical Analysis

We may use the personal information we collect for overall data statistics and performance analysis. These statistics and analysis results will be used to understand business conditions, product and service development and optimization, etc. The results will support our business decisions but will not include any identifiable personal information.

c. Online Activities and Security Protection

When you interact with us via online channels (website, app, WeChat mini-program), we will collect relevant personal information you provide. To support, maintain, and improve our online services, we may collect device information, network data, and application information while you use these channels. In addition, to ensure the rights and safety of ourselves or others, we may use the information collected to detect and prevent security incidents, including fraud, abuse, illegal use, or violations of our terms.

d. Compliance Requirements

In providing services to you and managing our internal operations, we may need to use personal information generated during your bookings, stays, registration and use of membership, online activities, or other interactions with us to fulfill our compliance obligations related to financial, tax, legal, and regulatory requirements.

Exceptions to Consent

You fully understand that in the following situations, we may process your personal information without obtaining your consent:

• As necessary for the conclusion or performance of a contract to which you are a party;
• As required to fulfill legal duties or obligations;
• As necessary to respond to public health emergencies or in emergency situations to protect the life, health, and property safety of yourself or others;
• As necessary for public interest activities such as news reporting and public opinion supervision, processing your personal information within a reasonable scope;
• As allowed by law, processing personal information you have disclosed publicly or other information that has been legally disclosed;
• Other circumstances as prescribed by laws and regulations.

 

14.3.3 System Permissions

When you use our App and Weixin Mini-program, we will seek system permissions on your device to ensure the functionality of our products/services and their safe and stable operation as follows:

 

Name of system permissions	Description	Purposes	Applicable platforms
android.permission.ACCESS_NETWORK_STATE	View network status	Allows an application to view the status of all networks.	Android
android.permission.INTERNET	Full internet access	Allows an application to create network sockets.	Android
android.permission.WAKE_LOCK	Prevent phone from sleeping	Allows an application to prevent the phone from going to sleep.	Android
android.permission.ACCESS_WIFI_STATE	View Wi-Fi status	Allows an application to view the information about the status of Wi-Fi.	Android
com.google.android.c2dm.permission.RECEIVE	C2DM permissions	Permission for cloud to device messaging.	Android
android.permission.RECEIVE_BOOT_COMPLETED	Automatically start at boot	Allows an application to start itself as soon as the System has finished booting.	Android
android.permission.FOREGROUND_SERVICE	Allows a regular application to use service.startforeground	Allows a regular application to use service.startforeground.	Android
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE	Get APP installation information for notification pushing	To get information about the origin of the installation of the APP by the user in order for the push notification system to reach Google servers and push the notification on the right device.	Android
android.permission.VIBRATE	Control device vibration	Allows the application to control device vibration.	Android
com.accor.appli.hybrid.inhouse.batch.permission.INTERNAL_BROADCAST	Push notifications	To request user authorization to send him/her push notifications	Android
android.permission.READ_EXTERNAL_STORAGE	Read external storage contents	Allows an application to read external storage. Necessary to install the application on a device without internal memory.	Android
android.permission.WRITE_EXTERNAL_STORAGE	Read/modify/delete external storage contents	Allows an application to write to external storage. Necessary to install the application on a device without internal memory.	Android
android.permission.READ_PHONE_STATE	Read phone state and identity	Allows the application to access the phone features of the device.  Feature to call Accor customer Help Center in the app.	Android
android.permission.BLUETOOTH	Create Bluetooth Connections	Allows applications to connect to paired Bluetooth devices. Necessary to have the Accor Hotel Keyless functionality (keyless door lock).	Android
android.permission.BLUETOOTH_ADMIN	Bluetooth Administration	Allows applications to discover and pair Bluetooth devices. Necessary to have the Accor Hotel Keyless functionality (keyless door lock).	Android
android.permission.ACCESS_FINE_LOCATION	Fine (GPS) location	Access fine location sources, such as the GPS on the phone, where available. Necessary for the geolocation hotel search feature (find a hotel around me).	Android
android.permission.ACCESS_COARSE_LOCATION	Coarse (networkbased) location	Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Necessary to define the language to be displayed in the application.	Android
NSCalendarsUsageDescription	Calendar	Add booking to calendar	iOS
NSMicrophoneUsageDescription	Microphone	Voice Search feature	iOS
NSLocationAlwaysUsageDescription	Location	Find hotels + taxi or chauffeur-driven car	iOS
NSLocationWhenInUseUsageDescription	Location	Find hotels + taxi or chauffeur-driven car	iOS
NSSpeechRecognitionUsageDescription	Speech recognition	Voice search feature	iOS
NSUserTrackingUsageDescription	Tracking (IDFA/ATT)	Tracking. Necessary because of mandatory IDFA / ATT Apple’s rule. Consent is needed prior sending identifier to partners.	iOS
	Push notification	Push	iOS
	Background app refresh	Allow the application to be refreshed in background. Can be turned off in iOS settings	iOS
NSBluetoothAlwaysUsageDescription	Bluetooth	Necessary to have the Accor Hotel Keyless functionality (keyless door lock)	iOS
Share Profile (Nickname, Gender, region, Country, Image/Avatar)		Avoid to fill the same information in a form in Mini-Program	Weixin Mini-Program
Share Mobile number		Automatically fill in the mobile phone number, which is used to send SMS notifications such as room information.	Weixin Mini-Program
Share WeChat Chat feature		Activation of chat notification.	Weixin Mini-Program
Share WeChat Pay		Payment through WeChat.	Weixin Mini-Program
Share Geo fencing		Geo localization, necessary for the geolocation hotel search feature (find a hotel around me).	Weixin Mini-Program

 

Please note that by turning on any of the permissions, you authorize us to collect and use the relevant personal information to provide you with the corresponding services, and by turning off any of the permissions, you cancel your authorization, and we will no longer collect and use the relevant personal information based on the corresponding permissions, nor can we continue to provide you with the services corresponding to the permissions. Your decision to cancel your authorization will not affect any previous collection and use of information based on your authorization. You can manage your authorizations through your device settings.

 

14.3.4 How We Entrust for Processing, Provide to Third-Parties, Transfer and Publicly Disclose Your Personal Information

Entrusted Personal Information Processing

In order to provide certain services to you, we may need to entrust a service provider to process some of your personal information. We will enter into strict confidentiality agreements and personal information protection clauses with such entrusted parties, requiring them to process and protect your personal information in accordance with our requirements, this Privacy Notice and any other relevant confidentiality and security requirements.

Providing Personal Information to Third-Party Service Providers

In order to give you a better service experience, we provide you with access to a variety of products or services provided by third party service providers. When you use these services, we may, with your explicit authorization or consent, provide or share your personal information for the purposes described in the Customer Personal Data Protection Charter among members of the Accor Group or third party service providers, including:

·       Accor SA subsidiaries;

·       Franchised and managed hotels;

·       Master franchisees;

·       Spa, restaurant, health club, concierge and other outlets at properties to provide you with services;

·       Loyalty programs partners;

·       AccorPlus loyalty program;

·       Travel agencies and distributions systems operators;

·       Payment services providers;

·       Travel insurance partners;

·       Advertising network and analytics providers for Accor's website and mobile applications.

 

Third-Party SDKs We Use

Our website, App and Mini-program may have integrated third-party software development kits (SDKs) to ensure their stable operation and to provide relevant services to you. If you want to know more information about the third-party SDKs we use, please see the following SDK list:

Number	Name of the SDK	SDK service provider	Purposes of processing personal information	Personal information collected via SDK	SDK service provider's privacy policy
1	Firebase	Google, Inc.	User tracking and engagement.	No personal information, only anonymous navigation data.	https://firebase.google.com/support/privacy
2	Firebase Crashlytics	Google, Inc.	User crash monitoring.	No personal information, only anonymous data about crash: device, OS version	https://firebase.google.com/support/privacy
3	Firebase Remote Config	Google, Inc.	Enable feature without submitting a new app on the store.	No personal information, only anonymous data: app version	https://firebase.google.com/support/privacy
4	Firebase Analytics	Google, Inc.	User tracking and engagement.	No personal information, only anonymous navigation data: screen view, click, time on each page	https://firebase.google.com/support/privacy
5	GoogleAnalytics	Google, Inc.	User tracking and engagement.	No personal information, only anonymous data	https://developers.google.com/analytics/ devguides/collection/protocol/policy
6	GoogleTagManager	Google, Inc.	Managing tracking plan in the app	No personal information, only anonymous data	https://marketingplatform.google.com/ about/analytics/tag-manager/use- policy/#:~:text=If%20You%20have% 203rd%20Party,responsible%20for%203 rd%20Party%20Tags.&text=to%20upload %20any%20data%20to,such%20information %20by%20Google%2C%20or
7	Branch	Branch Metrics, Inc.	Deeplink handling.	No personal data	https://branch.io/policies/privacy-policy/
8	Batch	IMEDIAPP SA	User push notification management.	Device installation ID	https://batch.com/privacy-policy
9	BatchExtension	IMEDIAPP SA	Custom push notification	Device installation ID	https://batch.com/privacy-policy
10	Dynatrace	Dynatrace LLC	Application API call tracking, used for stats and API debugging.	Anonymous data, except PMID (user id). With this PMID we can show: -App version -User actions -User crashs -Device -OS version -IP Adress	https://www.dynatrace.com/company/ trust-center/privacy/
11	One Trust	One Trust, LLC.	User consent management platform.	Cookie consent for one device / no user data	https://www.onetrust.com/privacy-notice/
12	Alamofire	Open Source (https://github.com/Alamofire/Alamofire)	HTTP networking library for iOS	No personal information	NA
13	Apollo	MG Code EPE	Android Graph QL API client	No personal information	https://www.apollographql.com/ privacy-policy/
14	Content Square	Content Square, Inc.	Web analytics feature	No personal information, only anonymous data	https://contentsquare.com/privacy-center/privacy-policy/
15	Materiel Design	Google	User Interface Design Tool	No personal information	NA
16	Kingfisher	Open Source (https://github.com/onevcat/Kingfisher/)	Library for downloading and caching images from the web	No personal information	NA
17	FSCalendar	Open source (https://github.com/onevcat/Kingfisher/FSCalendar)	Library for downloading and caching images from the web	No personal information	NA
18	Threat Matrix	LexisNexis Risk Solutions Inc.	Security analytics.	No personal information	https://risk.lexisnexis.com/group/privacy-policy
19	Cardinal Commerce	Visa, Inc.	PSD2 Banking authorisation management.	No personal information	https://usa.visa.com/legal/ privacy-policy.html
20	Imperva	Imperva, Inc.	Bot detection / security	No personal information	https://www.imperva.com/trust-center/privacy-statement/
21	Karhoo	Flit Technologies Ltd	Chauffeur driven car booking SDK.	No personal information	https://www.karhoo.com/ privacy-policy/
22	Stay My Way	Stay My Way	Contactless door opening.	PMID / Reservation ID	NA
23	Debug Tool Kit	Open Source (https://github.com/dbukowski/DBDebugToolkit)	Access to debugging logs	No personal information, only anonymous data	NA
24	Nimble	Open Source (https://github.com/Quick/Nimble )	express the expected outcomes of Swift or Objective-C expression	No personal information	NA
25	Facebook	Meta, Inc.	User tracking, such as Firebase, for Facebook purposes	PMID (user identifier)	https://www.facebook.com/policy.php
26	Baidu Maps	Baidu, Inc.	Mapping application for China.	No personal information	http://privacy.baidu.com/policy
27	Retrofit2	Open source (https://square.github.io/retrofit/ )	Android REST API client.	No personal information	NA
28	U-MiniProgram	Youmeng Tongxin (Beijing)Technology Limited	Statistical analysis for wechat mini-program	Account nicknames/avatars of mini-program users, genders/regions/languages set by users in their mini-program accounts, models/brands of users' devices, operating systems and system version numbers, and screen resolutions	https://developer.umeng.com/docs/147377/detail/209997

 

Transfer

If a transfer is required due to reasons such as mergers, divisions, dissolution, or bankruptcy, we will inform you of the name and contact details of the receiving party before the transfer and ensure that the receiving party continues to fulfill the obligations of a personal information handler. If the receiving party changes the original purpose or method of processing, we will require them to obtain your consent again in accordance with legal requirements.

 

Public Disclosure

As a general rule, we will not publicly disclose your personal information. If public disclosure is necessary, we will inform you of the purpose of the disclosure, the types of information to be disclosed, and any sensitive personal information that may be involved, and we will seek your separate consent.

 

14.3.5 Protection of Your Personal Data During International Transfers

We use central information systems located overseas to process your reservation, accommodation, and membership information. The details are as follows:

Name of the overseas recipient: Accor S.A.

Contact details of the overseas recipient: data.privacy@accor.com or 82 rue Henri Farman, 92130 Issy-les-Moulineaux, France

Purpose of processing: As a global multinational company, Accor Group adopts globally integrated standards for its products, services, and management. The central information systems are used to manage customer reservations, accommodations, and memberships worldwide. Specifically: when you book our hotel, we need to collect your personal information to coordinate the hotel reservation management system globally (including but not limited to China) and integrate the group’s global resources. This information is used for hotel reservations and prepaid management. When you stay and consume services at our hotels, we need to collect your personal information to efficiently and consistently monitor your experience, address needs and issues during your stay, understand guest accommodations across different hotels, analyze hotel performance and service, and meet internal audit and management requirements. This is used for member points calculation, non-member communication channels, customer surveys and analysis, and hotel performance analysis. When you register as an Accor member or enjoy Accor membership services, we need to collect your personal information to ensure the effective operation of our global membership system (including point accumulation and redemption, global promotions, personalized services, etc.). This is used for membership registration, ALL Plus card management, preference management, loyalty points management, and fast payment management. Additionally, the overseas recipient may use the collected personal information for internal audit purposes.

Method of processing: Collection, transmission, storage, use, processing, provision, and deletion.

Types of personal information processed: When you book our hotel, the overseas recipient needs to process your name, email address, phone number, country or region, booking information, payment card details, transaction and consumption records, age of guests under 14 (optional), and Accor membership ID (optional). When you stay and consume services at our hotel, the overseas recipient processes your name, accommodation information, email address, country (optional), gender (optional), accommodation satisfaction feedback (optional), and contact address. When you register as an Accor member or use Accor membership services, the overseas recipient processes your name, title, country or region, email address, phone number, membership account password, date of birth (optional), contact address (optional), Accor membership ID, payment card details (optional), accommodation information, transaction and consumption records, and preferences.

To achieve the above processing purposes, your personal information may be provided to other overseas recipients, including:

• Service providers of the overseas recipient
• Accor Group subsidiaries
• Franchised and managed hotels

You can exercise your rights as a data subject under the Personal Information Protection Law by emailing the designated email for Accor China (China.dataprivacy.team@accor.com) or the Accor Group email (Data.privacy@accor.com) (Please refer to Section “14.3.8 Your Rights”).

 

14.3.6 Data Security

We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal information against unlawful or accidental destruction, alteration, loss, misuse, access, modification or disclosure. For more information, please read 9. DATA SECURITY in the Customer Personal Data Protection Charter.

 

14.3.7 Protection of Personal Information of Children

We take the protection of minors' personal information very seriously and comply with the requirements of the PIPL to safeguard the personal information of minors (under the age of 14). 

Please note that our services are primarily intended for adults. If it is necessary to collect a minor's personal information (e.g., when booking a room, providing the age of a minor staying together), such information must be provided by an adult. We would be grateful if you could ensure that your children do not send us any personal information without your consent (particularly via the Internet). If such information is sent, you can contact us (see section 14.3.9 "Questions and Contacts" below) to arrange for this information to be deleted.

If you have any questions, requests, or concerns regarding the protection of children's personal information, please contact us as indicated in section 14.3.9 "Questions and Contacts".

For matters not specifically addressed in this Protection of Personal Information of Children section, the relevant provisions of the Customer Personal Data Protection Charter shall apply.

 

14.3.8 Your Rights

In addition to your rights under 11. YOUR RIGHTS in "Customer Personal Data Protection Charter", unless otherwise provided by law or administrative regulations of China, you also have the following rights:

·       the right to be informed about and the right to decide on the processing of your personal information, as well as the right to restrict or deny us from processing of your personal information;

·       the right to access or make copies of your personal information from us;

·       the right to have your personal information transferred to another entity that you designate, provided that the conditions prescribed by the national cybersecurity authority are met;

·       the right to ask us to correct or complete your personal information;

·       the right to withdraw your consent if our processing activities are based on your consent;

·       the right to ask us to explain the rules of processing your personal information;

·       the right to ask us to explain decisions we make through automated decision-making, if the decision has a material impact on your rights and interests, as well as the right to refuse the making of decisions by us solely by means of automated decision-making.

 

As introduced in 11. YOUR RIGHTS in "Customer Personal Data Protection Charter" you may contact the Data Privacy department for the Accor Group or our China Data Protection team (please refer to Section 14.3.9 "Questions and Contacts") in the event that you wish to exercise any of your rights. In addition, if you use our App you can also correct, complete or delete some of your personal information by clicking on the “Account” button, then clicking on “Advanced settings” and then on “Request the deletion of your account”.

We will deal with your requests to exercise your rights under applicable Chinese laws or administrative regulations promptly after verifying your identity and within 15 working days.  

Within the scope permitted by law and regulations, we may not be able to respond to your request to exercise your rights under the following circumstances:

·       If your request contradicts our obligations under laws and regulations;

·       If the requested information is directly related to national security or defense security;

·       If the requested information is directly related to public safety, public health, or major public interests;

·       If the requested information is directly related to criminal investigations, prosecutions, trials, and enforcement of judgments;

·       If we have sufficient evidence to show that you have malicious intent or are abusing your rights;

·       If responding to your request is necessary to protect your or another individual's life, property, or other significant legitimate interests but obtaining your consent is difficult;

·       If responding to your request would severely harm the legitimate interests of you or other individuals or organizations;

·       If the requested information involves trade secrets.

 

14.3.9 Questions and Contacts

In the event that you have any questions about your personal information or wish to exercise any of your rights, please contact the AccorGroup Data Privacy department directly by sending an email to data.privacy@accor.com or by writing to the address below:

 

Accor

Département Protection des Données Personnelles (Data Privacy Department)

82, rue Henri Farman -ACC 1208

CS 20077

92445 Issy-les-Moulineaux – France

Alternatively, if you wish to contact our people in China, please contact:

Email: China.DataPrivacy.Team@accor.com

Address：AAPC (Shanghai) Co., Ltd,

12F, Tower C, The PLACE, No.150 Zun Yi Road, Shanghai 200051, P R. China