Privacy policy

A. INTRODUCTION

Sino Hotels (referred to herein as "Sino", "we", "us", or "our") recognise that privacy is an important issue. This Privacy Policy informs you about our privacy policies and practices in relation to handling personal data, the type of personal data we collect, the third parties with whom we might share such information, and how you can review or change the personal data you provide to us. We are dedicated to respecting your privacy and safeguarding your personally identifiable information (“personal data”).

Providing your personal data to us is voluntary, however if you do not provide this information we may not be able to provide you with the products, services or information you have requested.

When disclosing personal data to us, please ensure that the data you provide is complete and accurate. You will notify us immediately of any changes to relevant personal data so that we can update our records. To the extent permitted by law, we may take any action with respect to your personal data that we deem necessary or appropriate if we believe that it may cause us, or any third party, to suffer any loss, liability or damage.

You agree that where you submit to us personal data relating to third parties, you will have their consent to submit and process such data for a specified purpose(s) and that you will be responsible for any claim they may have that their information has been misappropriated from them or provided to us without their consent. We may contact the third party to confirm their consent to the relevant purpose(s) for processing their personal data.

This Privacy Policy applies to our collection of personal data through various means such as online, website, Apps, or by our documents and communications, to the fullest extent where applicable. Additional information about the terms of use of our website and the use of materials you submit to us through our website is available in our Site Usage Agreement. Please click here for further information.

B. CATEGORIES OF INFORMATION WE COLLECT

The information including personal data that we collect may include but not limited to:

1. Your name, gender, date of birth, marital status, occupation and the particulars of your registered status with any of our subsidiaries, associated companies and / or partners;
2. Your contact information such as telephone numbers, mailing addresses, e-mail addresses and fax numbers;
3. Your credit card or relevant payment information;
4. Your passport information including passport number, nationality, and a copy of your physical passport;
5. Your login and password details, so that we can retrieve your login details if you forget or lose them;
6. Booking and billing data that may be generated at the time you make an online booking via our website, or a third party partner website;
7. Your favourite hotels and charities;
8. Your communication preferences; and
9. Your responses to market surveys and contests conducted by us or on our behalf.

Minors and Children

Our websites and on-line services are not intended for use by minors and children and we request them not to provide personal data to us on any of our websites unless with the permission of their parent or guardian.

C. PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

Making Reservations:
When you make a reservation or purchase hotel accommodation, your request will be passed to a Sino Hotel’s reservation website that will request your name and address along with other information which personally identifies you to assist with your reservation and stay such as credit card information including its number and related details, date of arrival / departure, membership number (if any), and room preferences. We need to process your personal data in this way in order to perform our contractual obligations to you in relation to products and services you have requested, and to process your registration at one of our hotels.

We also collect personal data in relation to the following services.

Sweepstakes and Contests:
On occasion, we conduct sweepstakes and contests that offer the opportunity to win prizes. Each sweepstake has its own Terms and Conditions for your acceptance. Some sweepstakes require you to choose to enter and for others you will be entered automatically if certain conditions are met (e.g., making a reservation with a certain credit card). As part of entering a sweepstake, certain personal data such as name, credit card details and email address may be required. From time to time we may partner with other companies mentioned below to provide co-sponsored or co-branded promotions, products and services and may share your personal data with our co-sponsor. If you enter one of these sweepstakes or contests, you shall accept the Terms and Conditions and we may share your personal data with our co-sponsor or the third party sponsor. We need to process your personal data in this way in order to perform our contractual obligations to you in relation to a sweepstake or contest. If you do not accept the Terms and Conditions, we will not be able to offer these opportunities to you.

Contacting Us by E-mail with Questions or Comments:
When you send us an email or message us from one of our sites, we may retain information such as the content (including any follow up questions you may have), your email address, and our response. We may use this information, for example, to measure how effectively we address customer concerns online, to personalise your experience, and to continuously improve our service to you. It is in our legitimate interest to process your personal data in this way, as it allows us to deliver the type of content and product offerings in which you are most interested, to better understand and meet your needs, and to enhance our relationship with you. It also enables us to maintain high levels of customer service and responsiveness.

Direct Marketing:
We intend to use your contact information (such as name, email address and phone number) to send marketing materials or make appropriate promotional offers to you. The marketing or promotional materials may cover the following: (i) hotel and hospitality; (ii) catering, food and beverage; (iii) leisure and entertainment; and (iv) any products, services or facilities which we think may be of interest to you. We may share your contact information or enable our affiliated hotels brands, Partner Companies and/or marketing service providers to send direct marketing materials and make promotional offers to you if we feel these might be of interest to you, in relation to the same classes of marketing subjects.

We will only use your contact information for direct marketing or promotional purposes if you have provided your consent (or your indication of no objection) for us to do so. We will not send such messages to you if you have unsubscribed from receiving these messages (please see "Your Rights" below for further information).

Electronic Postcards and Forwarding to Friends:
From time to time, our websites may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend. If you choose to do so, we will ask you for your name and e-mail address, and the recipient's name and e-mail address, along with the text of any message you choose to include. It is in our legitimate interest to process personal data in this way in order to offer this type of interactive feature on our website, and thereby improve the overall appeal of our website to customers.

Online Surveys:
Occasionally, we may conduct online surveys to better understand the effectiveness of our websites and to improve our service performance. Your participation in these surveys is voluntary. Information collected by us when you participate in a survey may include name, street address and e-mail address.

Employment:
If you choose to apply for employment online, you will be required to provide your name, street address, telephone number, email address, education background and employment history. You will also be asked to provide other relevant information for such purpose, e.g. to attach your resume to our electronic form. You will be asked to provide your email address if you choose to be notified of any future openings. It is in our legitimate interests to process personal data of online employment applications at the request of a data subject seeking to obtain employment (prior to the agreement of an employment contract) and to assess the suitability of the data subject for the opening.
User Account:
When making a reservation, we may offer you the option to register for an account with us. We will ask you to select a username and password, and provide your name and contact information. If you choose to, you can include credit card information, room preferences and select the email newsletters to which you would like to subscribe. In addition, the information you provided to us at the time of registration may be accessed, reviewed and updated at any time by logging in to your User Account.

Aggregating Website Data:
We aggregate statistics, responses to any surveys and questionnaires, traffic patterns and related site information and disclose such aggregate data to third parties for marketing, advertising or other promotional purposes but such aggregate data will not include any personal data. To enable us to monitor and improve our websites, we gather and record on our servers certain aggregated information about you when you use it, including without limitation, details of your operating system, browser version, domain name and IP address, the URL you came from and go to and the parts of our websites you visit. Such information is primarily used to provide you with an enhanced online experience. To the extent that such data is not fully anonymised and continues to constitute personal data, it is necessary for our legitimate interests to process this data in order to monitor and enhance our website offering, and ensure the website is functional and user-friendly.

Legal Grounds:
We will use and disclose your personal data when we believe in good faith that such disclosure is required by law, regulations, order or notice issued by a competent authority or is necessary or desirable to investigate or protect against harmful activities to guests, visitors, employees or others or to property (including these websites) or to protect or enforce our rights under the contract or otherwise with you.

D. DISCLOSING PERSONAL DATA TO THIRD PARTIES

In order to conduct our business, and provide products and services to you, we may disclose the personal data that you voluntarily share with us to the following third parties:

1. Sino Hotels including City Garden Hotel, Hong Kong Gold Coast Hotel, Island Pacific Hotel, The Royal Pacific Hotel & Towers, The Pottinger Hong Kong and The Olympian Hong Kong;
2. The Fullerton Hotels and Resorts including The Fullerton Hotel Singapore, The Fullerton Bay Hotel Singapore, The Fullerton Hotel Sydney and The Fullerton Ocean Park Hotel Hong Kong;
3. other Sino Group affiliate companies and their associates and successors (including the purchaser of the whole or part of our business);
4. our business partners ("Partner Companies") who may offer goods or services or information in relation to our business (including hotels, travel, leisure and entertainment, food and beverage, spa, conferencing, transportation, banking, telecommunication, insurance, and other consumer products and services);
5. our marketing service providers who provide marketing services on our behalf;
6. agents, contractors, sub-contractors or third party service providers (including the companies which provide the system for running the programme or the fulfilment house for arranging the membership card and other service providers who support on service delivery to members or provide administrative, telecommunication, computer or other services to us in connection with operation of our business), and / or
7. other third parties who may offer goods or services or information we think may be of interest to you, to provide services and products, process reservations and other transactions you request and to provide you with customer service.

We also rely on third party service providers to help us deliver products and services and programmes, offer products and services, and provide services in connection with our websites including communicating news and delivering promotional materials via e-mail and direct mail and administering sweepstakes and surveys. The service providers would only access data necessary for the provision of their services or performance of their duties, and shall not use such data for any other purpose.

Except as detailed in this Privacy Policy or the Personal Information Collection Statement, Sino Hotels will not disclose personal data to third parties outside Sino Hotels without your consent.

E. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In most instances personal data is processed in the territory where the hotel is located. Personal data may also be transferred to, and stored at, another jurisdiction outside the European Economic Area ("EEA"). We will take steps that are reasonably necessary to ensure that your personal data is treated in accordance with applicable data protection laws, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data.

F. THIRD PARTY WEBSITES

If you enter or choose to leave our websites via links to other non-Sino Group, non-Sino Hotels and/or non-Fullerton Hotels sites (such as those of our advertisers, content providers, vendors, independent hotels, affiliates and partners), your visits to those sites are not covered by this Privacy Policy. We do not control and shall not be responsible for the collection of personal data by third party websites, or websites not controlled or authorised by us and these websites may have their own privacy practices. We accept no responsibility or liability for third party websites' practices and policies. You should contact the relevant website administrator or web master directly to ask questions about their privacy practices and policies.

G. SECURITY AND STORAGE OF PERSONAL DATA

All internet users accept that there is an element of inherent security risk when dealing online over the internet, and we cannot guarantee the security of any personal data you disclose online. You accept the inherent security implications of dealing online over the Internet and will not hold us responsible for any breach of security unless we have been negligent and then only to the limits set out in the Site Usage Agreement. Nevertheless, we take reasonable steps and use appropriate technical and organisational measures to ensure appropriate security of the personal data we hold, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.

We will only retain your personal data for as long as is necessary for the purposes for which that personal data was collected or processed and to the extent permitted by applicable laws. When we no longer need to use your personal data, we will delete it from our systems/records or take steps to anonymise such information so that you can no longer be identified from it (unless we need to keep your personal data for a longer period to comply with legal or regulatory obligations to which we are subject).

H. YOUR RIGHTS

Under the Hong Kong Personal Data (Privacy) Ordinance, you are entitled to access and make changes to any personal data relating to your profile held in our database. You should update the personal data held by us whenever there is a change.

If you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal data is handled by us or third parties on our behalf, you may contact:

Data Protection Officer
Sino Hotels
The Royal Pacific Hotels & Towers
China Hong Kong City, 33 Canton Road, Tsimshatsui, Kowloon
Hong Kong
Email: privacypolicy@sino-hotels.com

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws within a reasonable time, and at least within one month. We reserve the right to charge a reasonable fee for the processing of any such access request. As indicated above, all requests for access to your personal information must be submitted in writing. When communicating your request, please be sure to include your full name, address and telephone number so we can ascertain your identity, and specify clearly the type of enquiry and the original source of data collection. We may ask you to verify your identity in order to help us respond efficiently to your request.

If you wish to opt out of receiving email communications from us, you may also click the “unsubscribe” link in each email you receive from us.

In addition, in some circumstances based on applicable data protection laws, you may request that we cease sharing personal data about you with our business partners or that we cease using personal data about you on the grounds that such personal data was acquired by unjust means or used in violation of law by sending your written request to our Data Protection Officer at email: privacypolicy@sino-hotels.com. We will seek to honour those requests consistently with applicable data protection laws.


Addendum – Applicable to Personal Data Received from EU

For individuals in EU (“European Union”) from whom we collect personal data on our website, under applicable data protection laws (to the extent they apply to our website and to you) you shall have the following rights:

• Access. You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information.
• Rectification. You have the right to have incomplete or inaccurate personal data that we process about you corrected. Please note that you can always make certain adjustments to certain personal data directly through your online account.
• Deletion. You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
• Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
• Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
• Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
• Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
• Complaint. You have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Please click here for a list of local data protection authorities in the other EEA countries.


Addendum – Applicable to Personal Information Received from the PRC

In the course of providing services, we may collect personal information from individuals located within the territory of the People’s Republic of China (“PRC” or “Mainland China”, excluding Hong Kong and Macau). If you are individual within the PRC’s territory receiving our services, we will implement personal information protection measures to safeguard your privacy in compliance with the personal information protection principles set forth in the Personal Information Protection Law (“PIPL”) of the PRC.

In principle, personal information collected by our hotel will be retained in the territory where the hotel is located. As we may utilize resources, browsers, servers, etc. outside the territory where the hotel is located to provide our products or services, this means that your personal information may be transferred to or accessed from jurisdictions outside the country/region where you use our products or services.

Your rights:
Apart from the rights mentioned in other sections of this Policy, you are conferred with the following rights under the PIPL:-

• Deletion. You have the right to request us to delete your personal information. However, this will need to be balanced against other factors such as statutory data retention.
• Restriction of processing. You have the right to request us to restrict processing your personal information. However, we may not be able to provide your requested service/product if you do not allow us to process necessary personal information.
• Data Portability. You have the right to request us to transfer your personal information that you have provided to us to a third party of your choice. This right can only be exercised in certain circumstances where applicable.
• Automated decision-making. You have the right not to be subjected to automated decision-making including profiling.
• Withdrawing consent. We may ask for your consent to process your personal information where consent is necessary as the lawful basis for processing personal information. In such case, you have the right to withdraw your consent.
• Access and Correction. You have the right to request access to and correction of your personal information held by us. You may submit your request to our Data Protection Office If you wish to check whether we hold any of your personal information, or wish to access or correct any inaccurate personal information relating to you

We may charge a reasonable fee for processing your request depending on the circumstances. We may refuse requests that are unreasonably repetitive, require disproportionate technical means (such as developing new systems or fundamentally altering existing practices), jeopardize the legitimate rights and interests of others, or are extremely impractical (such as involving information stored on backup tapes).

In the following circumstances, we will be unable to respond to your request in accordance with legal and regulatory requirements:

- matters directly related to national security or defense security;
- matters directly related to public safety, public health, or significant public interests;
- matters directly related to criminal investigations, prosecutions, trials, or the enforcement of judgments;
- where there is sufficient evidence indicating your subjective malice or abuse of rights;
- where responding to your request would cause serious harm to the legitimate rights and interests of you or other individuals/organizations;
- where it involves trade secrets;
- other circumstances stipulated by laws and regulations.



I. COOKIES POLICY

We may automatically track and collect your IP address, domain server, the type of computer and type of web browser you are using and use "cookies" to (i) customise website content specific to your interests, (ii) ensure that you do not see the same advertisement repeatedly, (iii) store your password so you do not have to re-enter it each time you use the sites and (iv) improve and update the websites. Some of the websites operated on our behalf are hosted and managed by other companies which may also track and collect this information using cookies.

"Cookies" are small pieces of electronic information (specifically, a string of text) that your browser and your operating system store on your hard drive for record-keeping purposes. Cookies can store a user's ID and password, personalise home pages, identify which parts of a site have been visited and / or keep track of previous website use, selections or purchases.

We will only use certain cookies if you have provided consent for us to do so the first time you visit our website (we may ask you to provide consent again in future).

At any time, you can choose whether to accept or deny cookies; your browser on your computer is often initially set to accept cookies. However, you can choose to deny cookies and continue browsing the sites.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Essential website cookies:
These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.

Performance and functionality cookies:
These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.

Analytics and customization cookies:
These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.

Advertising cookies:
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Content Management cookies:
These cookies that used for the content management server of the Website to provide the traffic statistic to help us customize our Websites for you.

Cookie Name Purpose More information
Essential website ASP.NET_SessionId Used by Microsoft .NET-based sites to maintain an anonymized user session by the server. This cookies expires at the end of a browsing session which is determined by the application configuration. .NET platform View Service Privacy Policy Expires in session
Performance and Functionality ARRAffinity Used by websites running on the Windows Azure cloud platform for load balancing. Azure View Service Privacy Policy Expires in session
Analytics and Customization _ga_# Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions. Google analytics View Service Privacy Policy Expires after 2 years
Analytics and Customization _ga It records a particular ID used to come up with data about website usage by the user. Google analytics View Service Privacy Policy Expires after 2 years
Analytics and Customization _ga# Enables Google Analytics regulate the rate of requesting. It is a HTTP cookie type that lasts for a session. Google analytics View Service Privacy Policy Expires in 1 minute
Analytics and Customization _gid Keeps an entry of unique ID which is then used to come up with statistical data on website usage by visitors. It is a HTTP cookie type and expires after a browsing session. Google analytics View Service Privacy Policy Expires in 1 day
Advertising _gcl_au Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. AdSense View Service Privacy Policy Expires in 3 months
Advertising gu-audiences Used by Google AdWorks to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. AdWorks View Service Privacy Policy Expires in session
Content Management CMSCsrfCookie Store’s a security token that the system uses to validate all form data submitted via POST requests. Helps protect against cross site request forgery. The CMS server built-in component Expires in session
Content Management VisitorStatus Indicates if the visitor is new or returning. Used for tracking the visitor’s statistic in web analytics. The CMS server built-in component Expires in session
Content Management CMSPreferredCulture Stores the visitor’s preferred content culture. The CMS server built-in component for multilingual websites Expires in session
Content Management CMSLandingPageLoaded Indicates that the landing page has already been visited and the Landing Page activity is not logged again for the current visitor. Expires after 20 minutes and the expiration period of the key is renewed every time the website is accessed again. The CMS server built-in component for multilingual websites Expires after 20 minutes
Content Management CMSUserPage Stores the IDs (DocumentID, NodeID) of the last visited page. Used for logging landing and exit page web analytics and activities The CMS server built-in component for multilingual websites Expires after 20 minutes

Most cookies (other than essential cookies) will expire within two years.

J. PRIVACY NOTICE CHANGES

This Privacy Policy may from time to time be updated, revised and amended. Any update, revision or amendment will be effective immediately upon being posted on the website(s) and/or mobile application(s) of our Group and will be alerted to viewers via a pop-up link on the website. Where legally required, we shall notify you and/or obtain your consent where we seek to use your personal data for a new purpose(s). You are advised to check our website(s) and/or mobile application(s) for any updates to this Privacy Policy periodically.

For any questions or concerns about this Privacy Policy, you may contact us at:

Data Protection Officer
Sino Hotels
The Royal Pacific Hotel & Towers
China Hong Kong City, 33 Canton Road, Tsimshatsui, Kowloon
Hong Kong
Email: privacypolicy@sino-hotels.com


This Privacy Policy is written in the English language and may be translated into other languages. The English version shall prevail over the translated version in case of any consistency.

Effective Date: 1 May 2026